2.1.7.3.5 Refresh Token Grant Type

When to use: To obtain a new access token without requiring user login.

Note:

  • New tokens are issued without user intervention.
  • Ideal for maintaining long-running sessions securely.
  • Refresh token validity is managed by IDCS configuration.

Sample code

curl --location 'https://<idcs_domain_url>/oauth2/v1/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=refresh_token' \
  --data-urlencode 'refresh_token=9b53e4a2-xxxx-xxxx-xxxx-xxxx' \
  --data-urlencode 'scope=<scope_value> urn:opc:resource:expiry=3600'

Sample code with mTLS

# $encoded holds the Base64 encoding of <client_id>:<client_secret>
curl --location 'https://<idcs_secure_domain_url>/oauth2/v1/token' \
  --cacert ./ca.crt --cert ./client.crt --key ./client.key \
  --header "Authorization: Basic $encoded" \
  --header 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
  --data-urlencode 'grant_type=refresh_token' \
  --data-urlencode 'refresh_token=9b53e4a2-xxxx-xxxx-xxxx-xxxx' \
  --data-urlencode 'scope=<scope_value> urn:opc:resource:expiry=3600'

Sample response

{
  "access_token": "eyJraWQiOiJrZXkxIiwiYWxnIjoiUlMyNTYifQ...",
  "refresh_token": "9b53e4a2-xxxx-xxxx-xxxx-xxxx",
  "token_type": "Bearer",
  "expires_in": 3600
}
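Client-side handling of this exchange, as an added example that is not part of the original documentation or of Oracle's code: it builds the form body with the scope values separated by a raw space and encoded once, then applies the token response to an in-memory store. The TokenStore class, the 60-second margin and the sample values are assumptions made for illustration.

```python
import json
import time
from urllib.parse import urlencode

# Constructed sample modelled on the response shown above (values are placeholders).
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed-access-token",
    "refresh_token": "constructed-rotated-refresh-token",
    "token_type": "Bearer",
    "expires_in": 3600,
})

def build_refresh_body(refresh_token, scopes):
    """Form-encode the refresh_token grant; scopes are joined with a raw space.

    urlencode() percent-encodes once, like curl --data-urlencode, so a
    pre-encoded '%20' separator would reach the server as the text '%20'.
    """
    return urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "scope": " ".join(scopes),
    })

class TokenStore:
    """Hypothetical helper: holds the current token pair in memory only."""
    SKEW = 60  # assumed safety margin (seconds) before expiry

    def __init__(self, refresh_token):
        self.refresh_token = refresh_token
        self.access_token = None
        self.expires_at = 0.0

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return self.access_token is None or now >= self.expires_at - self.SKEW

    def apply_response(self, body, now=None):
        now = time.time() if now is None else now
        data = json.loads(body)
        if "error" in data:  # RFC 6749 error body; stored state is left untouched
            raise PermissionError(data["error"])
        if str(data.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        expires_in = int(data["expires_in"])
        if expires_in <= 0:
            raise ValueError("non-positive expires_in")
        self.access_token = data["access_token"]
        self.expires_at = now + expires_in
        # Keep the refresh token the server returned; fall back to the old one.
        self.refresh_token = data.get("refresh_token", self.refresh_token)
        return self.access_token
```

Keep the stored tokens out of logs and error messages; the exceptions above carry only the error code, never a token value.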

For more details, see Refresh Token Grant Type.