Description
As a security measure, the access tokens have a valid time after which they expire and cease to be useful, (see the specification). If the client application needs to access an authenticated user’s private data, but the access_token is no longer valid, it must make a request to refresh the Access Token to get a new valid token relating to the user.
So that AuthNZ knows it has to update an expired Access Token, the client application must inform of this fact by means of a POST request to https://savvistest.cocacola.es/oauth2/token sending the following parameters:
Endpoint URL:
POST https://{your-endpoint-domain.com}/oauth2/token
Request parameters
Parameter | Description | Type |
grant_type | The value must be set to refresh_token | string |
refresh_token | the refresh token that is obtained in the authentication process. | string |
client_id | Identifier of the client application. | string |
client_secret | Secret of the client application. | string |
cURL Request example
Response
Once the OAuth server interprets the request to update the access token, it will return a new valid Access Token for the user.