OAuth 2.0 Refresh Token Grant

The Refresh Token Grant is used to send a refresh token, along with the Client ID and Client Secret of the OAuth application you registered in EmpowerID to the EmpowerID token endpoint in exchange for a new access token, a refresh token, and an ID token (when scope=openid) when the previously issued access token has expired. This article describes how to use this grant in your applications.

You can download sample .NET framework code at https://dl1.empowerid.com/files/OAuthTestSampleCode.zip

Refresh Token Grant

1. Initiate a request to the EmpowerID Token endpoint, https://<EID Server>/oauth/v2/token

POST /oauth/v2/token HTTP/1.1 Host: <EID Server> Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache   client_id={The Client ID of the OAuth app you registered in EmpowerID} &client_secret={The Client Secret of the OAuth app you registered in EmpowerID} &grant_type=refresh_token &refresh_token={The refresh token received when requesting an access token}

Header Parameter

Required/Optional

Description

Header Parameter

Required/Optional

Description

Content-Type

required

Must be application/x-www-from-urlencoded.

Post Body Parameter

Required/Optional

Description

Post Body Parameter

Required/Optional

Description

client_id 

required

Must be the EmpowerID OAuth application client identifier.

client_secret

required

Must be the EmpowerID OAuth application client secret.

grant_type

required

Must be refresh_token

refresh_token

required

Refresh token string for retrieving a new access token

2. Returns a new access token and refresh token (optionally ID token) in the response

{     "access_token": "xxxxxxxxxxxxxxxxxxxxxx",     "token_type": "Bearer",     "expires_in": 3600,     "refresh_token": "xxxxxxxxxxxxxxxxxxxxxx",     "id_token": null,     "id": "00000000-0000-0000-0000-000000000000" }

Refresh Token Grant using .NET Client Library

1. Initialize ClientSettings by passing the client_id, client_secret, redirect_uri, token_endpoint, authorization_endpoint, tokeninfo_endpoint and userinfo_endpoint. Also initialize a new RefreshTokenGrant by passing the clientSettings model.

var clientSettings = new ClientSettings(     “client_id”,     “client_secret”,     “redirect_uri”,     “https://<EID Server>/oauth/v2/token”,     “https://<EID Server>/oauth/v2/ui/authorize”,     “https://<EID Server>/oauth/v2/tokeninfo”,     “https://<EID Server>/oauth/v2/userinfo”);                var handler = new RefreshTokenGrant (clientSettings);

2. Call the GetAccessToken() method to retrieve the access_tokenrefresh_token, and other token related information.

IN THIS ARTICLE