Refreshing Access Tokens
Introduction
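Participants: Client Application, Authorization Server, Resource Server

Flow:
1. Client Application -> Authorization Server: Request an Access Token
2. Authorization Server -> Client Application: Access Token & Refresh Token
3. Client Application -> Resource Server: Request protected resource
4. Resource Server -> Client Application: Protected Resource
5. Client Application -> Resource Server: Request protected resource
6. Resource Server -> Client Application: Invalid Token
7. Client Application -> Authorization Server: Refresh Access Token
8. Authorization Server -> Client Application: NEW Access Token & Refresh Token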
Token response where the refresh token expires in 30 minutes ("refresh_expires_in": 1800):
{
  "access_token": "eyJhbGciOiJSUz...",
  "expires_in": 300,
  "refresh_expires_in": 1800,
  "refresh_token": "eyJhbGciOiJIUzI1NiIsIn...",
  "token_type": "bearer",
  "not-before-policy": 1593436696,
  "session_state": "4ace79d4-29e9-458f-8253-57e1c194f74b",
  "scope": "profile"
}

Token response where the refresh token never expires ("refresh_expires_in": 0):
{
  "access_token": "eyJhbGciOiJSUz...",
  "expires_in": 300,
  "refresh_expires_in": 0,
  "refresh_token": "eyJhbGciOiJIUzI1NiIsI...",
  "scope": "offline_access email openid",
  ...
}

Refresh request:
curl --location --request POST 'http://localhost:8080/auth/realms/appsdeveloperblog/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id=offline_access_client' \
--data-urlencode 'client_secret=b79aa657-0bef-4c23-becd-14b6049ed5c3' \
--data-urlencode 'refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJlYWQyMDZmOS05MzczLTQ1OTAtOGQ4OC03YWNkYmZjYTU5MmMifQ.eyJleHAiOjE1OTUyNzMzMzIsImlhdCI6MTU5NTI3MTUzMiwianRpIjoiOWNhMDM3YWEtNDRmZi00MDYxLThmOTAtODBmMzAzMTJiMzNmIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL2FwcHNkZXZlbG9wZXJibG9nIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL2FwcHNkZXZlbG9wZXJibG9nIiwic3ViIjoiMWRkZTNmYzMtYzZkYi00OWZiLTliM2QtNzk2NGM1YzA2ODdhIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6Im9mZmxpbmVfYWNjZXNzX2NsaWVudCIsInNlc3Npb25fc3RhdGUiOiI0YWNlNzlkNC0yOWU5LTQ1OGYtODI1My01N2UxYzE5NGY3NGIiLCJzY29wZSI6InByb2ZpbGUifQ.oeRL-UkkI3EnCDBsbQDrcRD5lE8_LidDiKwEIuJRFJM'
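The refresh flow above, written as client-side logic. This is an added example, not code from the original slides: the TokenStore class, its method names, the 10-second skew and the injectable post/clock parameters are assumptions made for illustration. It treats "refresh_expires_in": 0 as "never expires", as in the second response above, and always keeps the NEW refresh token returned by the server.

```python
import json
import time
import urllib.parse
import urllib.request

class TokenStore:
    """Holds the token pair from a token response and refreshes it when needed."""

    def __init__(self, token_url, client_id, client_secret, post=None, clock=time.time):
        self.token_url, self.client_id, self.client_secret = token_url, client_id, client_secret
        self._post = post or self._http_post   # injectable so the logic can run offline
        self._clock = clock
        self.access_token = self.refresh_token = None
        self.access_exp = self.refresh_exp = 0.0

    def _http_post(self, url, form):
        # Same form-encoded POST as the curl command (urllib sends
        # application/x-www-form-urlencoded when data is given).
        data = urllib.parse.urlencode(form).encode()
        with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=10) as r:
            return json.load(r)

    def store(self, resp):
        """Record a token-endpoint response and compute absolute expiry times."""
        now = self._clock()
        self.access_token = resp["access_token"]
        self.access_exp = now + resp["expires_in"]
        # Keep the NEW refresh token; the previous one may no longer be accepted.
        self.refresh_token = resp.get("refresh_token", self.refresh_token)
        ttl = resp.get("refresh_expires_in", 0)
        self.refresh_exp = float("inf") if ttl == 0 else now + ttl  # 0 = never expires

    def refresh(self):
        """Exchange the refresh token for a new token pair."""
        if self.refresh_token is None or self._clock() >= self.refresh_exp:
            raise RuntimeError("refresh token missing or expired: re-authenticate")
        self.store(self._post(self.token_url, {
            "grant_type": "refresh_token",
            "client_id": self.client_id,
            "client_secret": self.client_secret,
            "refresh_token": self.refresh_token,
        }))

    def bearer(self, skew=10):
        """Return a usable access token, refreshing shortly before it expires."""
        if self._clock() >= self.access_exp - skew:
            self.refresh()
        return self.access_token
```

A caller that still receives "Invalid Token" from the resource server can call refresh() once and retry the request; load client_secret from the environment or a secret store rather than from source code.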