Refresh Token

Through the Hybrid Flow, it is possible to have returned refresh tokens. When the access token expires, the application can use the refresh token to obtain a new access token. It can do this behind the scenes, and without the user’s involvement, so that it’s a seamless process to the user.  


  • The grant_type parameter should always have a value of refresh_token in this flow and the value of the refresh_token parameter should be the actual refresh token obtained by the client after some other flow, like the code flow, which included a refresh token.

 Token endpoint

Authorization Code 

  •  As long as you’ve obtained the access token and refresh token, you do not need to think about Authorization Code. Especially since you are only required to deliver the access token in the API request. You do not deliver the Authorization Code in the API request.  

how long is it?it is always 64 chars


Requesting a token using the refresh_token Grant Type

The RequestRefreshToken extension method has convenience properties for the refresh_token grant type:

var response = await _client.RequestRefreshTokenAsync(new RefreshTokenRequest
    Address = TokenEndpoint,

    ClientId = "client",
    ClientSecret = "secret",

    RefreshToken = "xyz"