As a security measure, the access tokens have a valid time after which they expire and cease to be useful, (see the specification). If the client application needs to access an authenticated user’s private data, but the access_token is no longer valid, it must make a request to refresh the Access Token to get a new valid token relating to the user.
So that AuthNZ knows it has to update an expired Access Token, the client application must inform of this fact by means of a POST request to https://savvistest.cocacola.es/oauth2/token sending the following parameters:
|grant_type||The value must be set to refresh_token||string|
|refresh_token||the refresh token that is obtained in the authentication process.||string|
|client_id||Identifier of the client application.||string|
|client_secret||Secret of the client application.||string|
cURL Request example
Once the OAuth server interprets the request to update the access token, it will return a new valid Access Token for the user.