# Refresh Token

Access tokens have a finite lifetime, often specified in the response with the token. If the client needs a long lived
access to a token, a refresh token can be used to request new access tokens. Fetching new tokens with a refresh tokens
does not require any user interactions or interuptions.

You can request a refresh token by adding a scope called `offline_access` to the scope parameter when fetching a token.
Only clients with offline access enabled will respond with a refresh token.

## Token refresh request

Fetch a usable access token by calling the `POST /connect/token` endpoint. Make sure you include in the request a `grant_type=refresh_token` together with the
supplied `refresh_token`, your `client_id` and `client_secret`.

### POST /connect/token


```HTTP
POST https://id.aritma.io/{tenant}/connect/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

  client_id=CLIENT_ID&
  client_secret=CLIENT_SECRET&

  grant_type=refresh_token&
  refresh_token=REFRESH_TOKEN
```


```HTTP Request
POST https://id.aritma.io/{tenant}/connect/token HTTP/1.1
Content-type: application/x-www-form-urlencoded
Authorization: Basic xxxxx

  grant_type=refresh_token&
  refresh_token=REFRESH_TOKEN
```


```HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
{
  "access_token":"eyJz93a...k4laUWw",
  "token_type":"Bearer",
  "expires_in":86400,
  "scope":"SCOPE"
}
```

| Parameter | Description |
|  --- | --- |
| `grant_type` (required) | Denotes the flow you are using. For Client Credentials use `refresh_token`. |
| `client_id` (required) | Your application's Client ID. |
| `client_secret` (required) | Your application's Client Secret |
| `refresh_token` (required) | The refresh token. |