Refresh Token Grant Type

2.1.7.3.5 Refresh Token Grant Type

When to use: To obtain a new access token without requiring user login.

Note:

New tokens issued without user intervention.
Ideal for maintaining long-running sessions securely.
Refresh token validity is managed by IDCS configuration.

Sample code

curl --location 'https://<idcs_domain>/oauth2/v1/token' \
--header "Authorization: Basic <base64Encoded clientid:secret>" \
--header 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=urn:opc:idm:__myscopes__' \
--data-urlencode 'client_id=<client_id>'

Sample code with mTLS

curl --location 'https://<idcs_domain>/oauth2/v1/token' \
--header "Authorization: Basic <base64Encoded clientid:secret>" \
--header 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=urn:opc:idm:__myscopes__' \
--data-urlencode 'client_id=<client_id>'

Sample response

{ "access_token": "eyJraWQiOiJrZXkxIiwiYWxnIjoiUlMyNTYifQ...", "refresh_token": "9b53e4a2-xxxx-xxxx-xxxx-xxxx", "token_type": "Bearer", "expires_in": 3600, }

For more details, see Refresh Token Grant Type.