Refresh Token

Access tokens have a finite lifetime, often specified in the response with the token. If the client needs long-lived access, a refresh token can be used to request new access tokens. Fetching new tokens with a refresh token does not require any user interaction or interruption.

You can request a refresh token by adding a scope called offline_access to the scope parameter when fetching a token. A refresh token is only returned to clients that have offline access enabled.

Token refresh request

Fetch a usable access token by calling the POST /connect/token endpoint. Include grant_type=refresh_token in the request, together with the supplied refresh_token, your client_id and your client_secret.

POST /connect/token

Request, with the client credentials in the form body:
POST https://id.aritma.io/{tenant}/connect/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

  client_id=CLIENT_ID&
  client_secret=CLIENT_SECRET&
  grant_type=refresh_token&
  refresh_token=REFRESH_TOKEN

Request, with the client credentials in the Authorization header:
POST https://id.aritma.io/{tenant}/connect/token HTTP/1.1
Content-type: application/x-www-form-urlencoded
Authorization: Basic xxxxx

  grant_type=refresh_token&
  refresh_token=REFRESH_TOKEN

Response:
HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token":"eyJz93a...k4laUWw",
  "token_type":"Bearer",
  "expires_in":86400,
  "scope":"SCOPE"
}

Parameter                   Description
grant_type (required)       Denotes the flow you are using. For a token refresh, use refresh_token.
client_id (required)        Your application's Client ID.
client_secret (required)    Your application's Client Secret.
refresh_token (required)    The refresh token.
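
The refresh request and response handling described above, as an added Python example (not Aritma's own code). The function names, the 60-second renewal margin and the handling of a rotated refresh_token are assumptions; the sample response on this page does not include a new refresh token.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.aritma.io/{tenant}/connect/token"  # endpoint from the page


def build_refresh_request(tenant, client_id, client_secret, refresh_token):
    """Build the refresh POST with client credentials in the Basic header."""
    # urlencode() percent-encodes the values, so a token containing '+', '/'
    # or '=' is not corrupted in the form body.
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token}
    ).encode("ascii")
    # RFC 6749 section 2.3.1: form-encode id and secret, then Base64 "id:secret".
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode("ascii")).decode("ascii")
    return urllib.request.Request(
        TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe="")),
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": f"Basic {basic}",
        },
    )


def parse_token_response(raw, current_refresh_token, now=None, skew=60):
    """Return (access_token, refresh_token_to_store, refresh_deadline)."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")  # do not log the body: it holds tokens
    now = time.time() if now is None else now
    # Renew `skew` seconds before expires_in runs out so no call uses a stale token.
    deadline = now + max(int(doc["expires_in"]) - skew, 0)
    # Assumption: if the server returns a new refresh_token, it replaces the old one.
    return doc["access_token"], doc.get("refresh_token", current_refresh_token), deadline


def refresh(tenant, client_id, client_secret, refresh_token):
    """Send the request over the network and parse the reply."""
    req = build_refresh_request(tenant, client_id, client_secret, refresh_token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read(), refresh_token)
```

Store the refresh token and client secret in a secret store rather than in source or logs, since either one is enough to mint new access tokens without user interaction.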