Refreshing a token

By default, access tokens expire after three days. After a token has expired, it can no longer be used. To reduce the need for re-authorizing, the token response from the previous section contains a refresh_token. This token can be used to request a new access_token (and thus also a new refresh_token) using the "refresh_token" grant-type. By default, a refresh_token expires in 365 days, and can only be used once.

caution

A refresh_token can only be used to request a new access_token, not to authenticate requests to the ​OpenTicket systems.

You can request a new token using the refresh_token by creating a POST request to https://auth.openticket.tech/tokens with a payload containing the following information:

• grant_type: the type of grant needed, in this case "refresh_token."
• refresh_token: the refresh token parameter from the original token request.
• client_id: the same identifier as used in the original token request. Provided after creating the OAuth Client on the dashboard.
• client_secret: the same secret as used in the original token request. Provided after creating the OAuth Client on the dashboard.

See the following code blocks for examples of such requests. Just like before, some information above is stored in the form of environment variables.

PHP

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_HTTPHEADER => [
    "Content-Type: application/json"
  ],
  CURLOPT_POSTFIELDS => [
    "grant_type" => "refresh_token",
    "refresh_token" => $refreshToken,
    "client_id" => env("OAUTH_CLIENT_ID", ""),
    "client_secret" => env("OAUTH_CLIENT_SECRET", "")
  ],
  CURLOPT_URL => "https://auth.openticket.tech/tokens"
]);

$response = curl_exec($curl);
curl_close($curl);

echo $response;

GO

payloadBuf := new(bytes.Buffer)
json.NewEncoder(payloadBuf).Encode({
    "grant_type": "refresh_token",
    "refresh_token": refreshToken,
    "client_id": os.Getenv("OAUTH_CLIENT_ID"),
    "client_secret": os.Getenv("OAUTH_CLIENT_SECRET")
})

req, _ := http.NewRequest("PUT", "https://auth.openticket.tech/tokens", bytes.NewBuffer(body))

req.Header.Add("Content-Type", "application/json")

resp, _ := http.DefaultClient.Do(req)

respBody, _ := io.ReadAll(resp.Body)
fmt.Println(string(respBody))

Node

const options = {
  "method": "POST",
  "headers": {
    "Content-Type": "application/json"
  },
  "body": JSON.stringify({
    "grant_type": "refresh_token",
    "refresh_token": refreshToken,
    "client_id": process.env.OAUTH_CLIENT_ID,
    "client_secret": process.env.OAUTH_CLIENT_SECRET
  })
};

fetch("https://auth.openticket.tech/tokens", options)
  .then(response => response.json())
  .then(response => console.log(response))

Shell

curl -X POST \
  -H "Content-Type: application/json" \
  -F "grant_type=refresh_token" \
  -F "refresh_token=$refreshToken" \
  -F "client_id=$ENVOAUTH_CLIENT_ID" \
  -F "client_secret=$ENVOAUTH_CLIENT_SECRET" \
"https://auth.openticket.tech/tokens"

The response structure is equal to requesting a token using the authorization_code grant

{
  "token_type": "Bearer",
  "expires_in": 259200,
  "access_token": "NEW_ACCESS_TOKEN",
  "refresh_token": "NEW_REFRESH_TOKEN",
  "refresh_token_expires_in": 31535999,
  "info": {
    ...
  }
}

caution

When the refresh token has expired, a user must re-authorize the access of the application access.