4.2.4 Generate the Refresh Token

To generate the Refresh Token, add the Client ID and Client Secret using cURL Commands in the CLI Tool. The following is an example:

echo -n "<tenant_oauth_app_client_id>:<tenant_oauth_app_client_secret>" | base64 -w 0      (generates basic base64 encoded authorization token)

curl -H "Authorization: Basic <base64 encoded tenant_oauth_app_client_id:tenant_oauth_app_client_secret>"

 -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"  --request POST

https://<idcs-URL.identity>.<TENANT>.com/oauth2/v1/token

 -d "grant_type=password&username=<username>&password=<password>&scope=urn:opc:idm:__myscopes__%20offline_access"

Use the previously generated refresh token to generate a new access token without reauthenticating or providing user credentials.

curl -H "Authorization: Basic <base64 encoded tenant_oauth_app_client_id:tenant_oauth_app_client_secret"

 -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8"  --request POST

https://<idcs-URL.identity>.<TENANT>.com/oauth2/v1/token

 -d "grant_type=refresh_token&refresh_token=<refresh-token>&scope=<scope value>"

After generating the Refresh Token, invoke the API as shown in the following section.