How to get the access token without resource owner permission using refresh token in the subsequent attempts?
This use case starts when you get the authorization code and ends when you access the API.
To get an access token using a refresh token (without resource owner permission):
When the access token expires and you need to access the same API, you need to get another access token. If you have a refresh token, you can get a new access token without getting permission from the resource owner.
1. Invoke the refresh token endpoint.
Request: POST http(s)://hostname:port/invoke/pub.oauth/refreshAccessToken
In the Authorization tab, select the authorization type as Basic Auth. Provide the client ID as username and client secret as password. You can get the client ID and client secret in the Authentication tab of the Application screen.
Sample request body
{
"grant_type":"refresh_token",
"refresh_token":"f78dd4fc5b8d4d799cf066427e828e26ce7e3723e4334416a7b9cd8a274e6947"
}
Note:
Make sure you replace the refresh token with the one that you got in Step 2 of the How to get the access token with resource owner permission? use case.
Sample response body
{
"grant_type": "refresh_token",
"refresh_token": "f78dd4fc5b8d4d799cf066427e828e26ce7e3723e4334416a7b9cd8a274e6947",
"scope": "TestRefreshtoken ",
"access_token": "c102bcaebecf451ca705bf54d26fae732ea9790a0ff64a87a010b3875b4b8da2",
"token_type": "Bearer",
"expires_in": 3600
}
2. Access API using the REST API client.
In the Authorization tab, select the authorization type as Bearer Token and provide the access token that you get from the response payload of the previous step.
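The two steps above as a scripted client, given here as an added example that is not Software AG code: it builds the Basic-authenticated refresh request, validates the response, and returns the Bearer header for step 2. The function names, the JSON Content-Type header and the https-only check are assumptions of this example; the check is there because Basic auth carries the client secret on every refresh call.

```python
import base64, json, time, urllib.request
from urllib.parse import urlsplit

def build_refresh_request(base_url, client_id, client_secret, refresh_token):
    """Build the POST to pub.oauth/refreshAccessToken with Basic auth."""
    if urlsplit(base_url).scheme != "https":
        # Basic auth is only base64: over http the client secret is readable.
        raise ValueError("refresh endpoint must be reached over https")
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = json.dumps({"grant_type": "refresh_token",
                       "refresh_token": refresh_token}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/invoke/pub.oauth/refreshAccessToken",
        data=body, method="POST",
        headers={"Authorization": "Basic " + creds,
                 "Content-Type": "application/json",  # assumed from the JSON body
                 "Accept": "application/json"})

def parse_token_response(raw, old_refresh_token, now=None):
    """Validate the response body and return what the client must store."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return {
        "access_token": doc["access_token"],
        # Keep whichever refresh token the server returned for the next cycle.
        "refresh_token": doc.get("refresh_token") or old_refresh_token,
        # Absolute expiry, so the client can refresh before the token lapses.
        "expires_at": now + int(doc["expires_in"]),
        # Header value for step 2 (Bearer Token authorization).
        "authorization_header": "Bearer " + doc["access_token"],
    }

def refresh_access_token(base_url, client_id, client_secret, refresh_token):
    """Step 1 end to end: send the request and parse the reply."""
    req = build_refresh_request(base_url, client_id, client_secret, refresh_token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read(), refresh_token)

# Constructed sample with the same fields as the response body shown above.
SAMPLE_RESPONSE = json.dumps({
    "grant_type": "refresh_token",
    "refresh_token": "constructed-refresh-token",
    "scope": "TestRefreshtoken",
    "access_token": "constructed-access-token",
    "token_type": "Bearer",
    "expires_in": 3600,
})
```

Load the client secret and refresh token from a secret store or environment variable rather than hard-coding them, and keep both out of logs.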