Refresh Token

Through the Hybrid Flow, refresh tokens can be returned. When the access token expires, the application can use the refresh token to obtain a new access token. This happens behind the scenes, without the user's involvement, so the process is seamless for the user. When you request a new access token, you also get a new refresh token, which is then valid for 12 months, and the previous refresh token is no longer valid.

You'll obtain the refresh token and access token via the following Token endpoint

Refresh Token 

  • It is valid for 1 year, and is a substitute for long-living tokens. 
  • When the Access Token is expired, you use the Refresh Token to get a new set of tokens. 
  • The IT integrator can exchange their refresh token for a new pair of access token and refresh token.


Once you have obtained the access token and refresh token, you do not need to think about the Authorization Code. You are only required to deliver the access token in the API request; you do not deliver the Authorization Code in the API request.

You need to handle token expiration, and this is done without user interaction. This means that the user does not need to give you consent again. That is an important point, and it also makes things easier for you, because you do not need to plan for user interaction when a token expires.

To do so, call the token endpoint with the parameter {grant_type} set to refresh_token.

How long is it? It is always 64 chars.


Requesting a token using the refresh_token Grant Type

The RequestRefreshTokenAsync extension method has convenience properties for the refresh_token grant type:

// Requires: using IdentityModel.Client;
var response = await _client.RequestRefreshTokenAsync(new RefreshTokenRequest
{
    Address = TokenEndpoint,

    ClientId = "client",
    ClientSecret = "secret",

    // The most recently issued refresh token; older ones are no longer valid.
    RefreshToken = "xyz"
});

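Because each refresh invalidates the previous refresh token, a client has to serialize refresh calls and store the new refresh token before doing anything else. The class below is an added example, not code from the original page or from the IdentityModel project; the class name RotatingTokenSource, the persist callback, and the one-minute early refresh are assumptions.

```csharp
using System;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using IdentityModel.Client;

// Added example (hypothetical class): holds the current token pair and rotates it.
public sealed class RotatingTokenSource
{
    private readonly HttpClient _client;
    private readonly string _tokenEndpoint, _clientId, _clientSecret;
    private readonly Action<string> _persist;   // assumed durable, protected store for the refresh token
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private string _refreshToken, _accessToken;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;

    public RotatingTokenSource(HttpClient client, string tokenEndpoint, string clientId,
        string clientSecret, string storedRefreshToken, Action<string> persist)
    {
        _client = client; _tokenEndpoint = tokenEndpoint; _clientId = clientId;
        _clientSecret = clientSecret; _refreshToken = storedRefreshToken; _persist = persist;
    }

    public async Task<string> GetAccessTokenAsync()
    {
        await _gate.WaitAsync();   // one refresh at a time: a second caller sending the old refresh token would be rejected
        try
        {
            // Reuse the access token until one minute before it expires.
            if (_accessToken != null && DateTimeOffset.UtcNow.AddMinutes(1) < _expiresAt)
                return _accessToken;

            var response = await _client.RequestRefreshTokenAsync(new RefreshTokenRequest
            {
                Address = _tokenEndpoint,
                ClientId = _clientId,
                ClientSecret = _clientSecret,
                RefreshToken = _refreshToken
            });
            if (response.IsError || string.IsNullOrEmpty(response.RefreshToken))
                throw new InvalidOperationException("Token refresh failed: " + response.Error);

            // The previous refresh token is now invalid; store the new one first.
            _persist(response.RefreshToken);
            _refreshToken = response.RefreshToken;
            _accessToken = response.AccessToken;
            _expiresAt = DateTimeOffset.UtcNow.AddSeconds(response.ExpiresIn);
            return _accessToken;
        }
        finally { _gate.Release(); }
    }
}
```

If the new refresh token is lost between the response and the write to storage, the old one can no longer be exchanged, so the persist callback should write synchronously to a store that survives a restart.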