Integration Server 10.3 | Built-In Services Reference Guide | OAuth Folder | Summary of Elements in this Folder | pub.oauth:refreshAccessToken
 
pub.oauth:refreshAccessToken
WmPublic. Deprecated - Replaced by pub.oauth:getToken.
Requests a new access token from the authorization server by using a refresh token. If the authorization server issued a refresh token to the client with the initial request, the client can use this service to request a new access token when the initial access token expires.
Input Parameters
grant_type
String Specify the type of grant flow required by the client.
For refresh tokens, you must specify refresh_token.
refresh_token
String Refresh token issued to the client by the authentication server.
scope
String Optional. Specify the name of one or more scopes required by the client. Use a space to separate multiple scopes.
The value for scope must match or be a subset of the value you provided for the pub.oauth:authorize and pub.oauth:getAccessToken services.
The scope of the refresh token can be smaller than the original request. It cannot contain any scope tokens that were not in the original request.
Output Parameters
access_token
String The access token issued by the authorization server.
token_type
String The type of access token issued by the authorization server. The value is Bearer.
expires_in
String The number of seconds for which the access token is valid.
refresh_token
String The refresh token issued by the authorization server. You can use this token to obtain new access tokens using the same authorization grant.
scope
String Conditional. The name of the scopes requested by the client.
Usage Notes
The pub.oauth:refreshAccessToken service is deprecated. Use pub.oauth:getToken instead.
The pub.oauth:refreshAccessToken service is used with authorization grant flows only.
The pub.oauth:refreshAccessToken service must be invoked using HTTPS unless the Require HTTPS setting on the Security > OAuth > Edit OAuth Global Settings page is disabled.
Clients must invoke this service via an HTTP POST request unless the watt.server.oauth.requirePost server configuration parameter is set to false. When this parameter is set to false, clients can invoke this service using HTTP GET.
Confidential clients must authenticate requests by supplying their credentials in the HTTP Authorization header.
The token_type output parameter is always Bearer. The authorization server retains the information about the bearer tokens it issues, including the user information. When the client presents a bearer token to the resource server, the resource server checks with the authorization server to see whether the user is allowed to access the requested folders and services.