Refreshing a token
By default, access tokens expire after three days. After a token has expired, it can no longer be used. To reduce the need for re-authorizing, the token response from the previous section contains a refresh_token. This token can be used to request a new access_token (and thus also a new refresh_token) using the "refresh_token" grant-type. By default, a refresh_token expires in 365 days, and can only be used once.
A refresh_token can only be used to request a new access_token, not to authenticate requests to the OpenTicket systems.
You can request a new token using the refresh_token by creating a POST request to https://auth.openticket.tech/tokens with a payload containing the following information:
- grant_type: the type of grant needed, in this case "refresh_token".
- refresh_token: the refresh token parameter from the original token request.
- client_id: the same identifier as used in the original token request. Provided after creating the OAuth Client on the dashboard.
- client_secret: the same secret as used in the original token request. Provided after creating the OAuth Client on the dashboard.
See the following code blocks for examples of such requests. Just like before, some information above is stored in the form of environment variables.

PHP:

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_CUSTOMREQUEST => "POST",
    // Return the response body from curl_exec() instead of printing it directly
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => [
        "Content-Type: application/json"
    ],
    // Encode the payload as JSON so the body matches the Content-Type header
    CURLOPT_POSTFIELDS => json_encode([
        "grant_type" => "refresh_token",
        "refresh_token" => $refreshToken,
        "client_id" => env("OAUTH_CLIENT_ID", ""),
        "client_secret" => env("OAUTH_CLIENT_SECRET", "")
    ]),
    CURLOPT_URL => "https://auth.openticket.tech/tokens"
]);
$response = curl_exec($curl);
curl_close($curl);
echo $response;
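
Go:

// Needs the imports bytes, encoding/json, fmt, io, net/http and os.
// refreshToken holds the refresh_token from the previous token response.
payloadBuf := new(bytes.Buffer)
json.NewEncoder(payloadBuf).Encode(map[string]string{
    "grant_type":    "refresh_token",
    "refresh_token": refreshToken,
    "client_id":     os.Getenv("OAUTH_CLIENT_ID"),
    "client_secret": os.Getenv("OAUTH_CLIENT_SECRET"),
})
// The token endpoint expects a POST request with the encoded payload as body
req, _ := http.NewRequest("POST", "https://auth.openticket.tech/tokens", payloadBuf)
req.Header.Add("Content-Type", "application/json")
resp, err := http.DefaultClient.Do(req)
if err != nil {
    panic(err)
}
defer resp.Body.Close()
respBody, _ := io.ReadAll(resp.Body)
fmt.Println(string(respBody))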

Node:

// refreshToken holds the refresh_token from the previous token response.
const options = {
    "method": "POST",
    "headers": {
        "Content-Type": "application/json"
    },
    "body": JSON.stringify({
        "grant_type": "refresh_token",
        "refresh_token": refreshToken,
        "client_id": process.env.OAUTH_CLIENT_ID,
        "client_secret": process.env.OAUTH_CLIENT_SECRET
    })
};
fetch("https://auth.openticket.tech/tokens", options)
    .then(response => response.json())
    .then(response => console.log(response))
    .catch(error => console.error(error));
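
Shell:

# The JSON body is read from stdin (--data @-), so it matches the Content-Type
# header and the client secret does not appear in the curl argument list.
curl -X POST \
    -H "Content-Type: application/json" \
    --data @- \
    "https://auth.openticket.tech/tokens" <<EOF
{
    "grant_type": "refresh_token",
    "refresh_token": "$refreshToken",
    "client_id": "$OAUTH_CLIENT_ID",
    "client_secret": "$OAUTH_CLIENT_SECRET"
}
EOF
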
The response structure is the same as when requesting a token using the authorization_code grant:
{
    "token_type": "Bearer",
    "expires_in": 259200,
    "access_token": "NEW_ACCESS_TOKEN",
    "refresh_token": "NEW_REFRESH_TOKEN",
    "refresh_token_expires_in": 31535999,
    "info": {
        ...
    }
}
When the refresh token has expired, the user must re-authorize the application's access.
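
Because a refresh_token can only be used once and every response carries a new one, a client has to serialize its refreshes and store the new pair before using it. The following is an added example, not OpenTicket's own code: createTokenManager, the store object (async load/save), the post and now options and the 60-second skewMs margin are all hypothetical names and assumptions.

```javascript
// Added example. createTokenManager, store, post and skewMs are hypothetical names.
const TOKEN_URL = "https://auth.openticket.tech/tokens";

// Default transport: the documented POST request with a JSON payload.
async function postToken(payload) {
  const res = await fetch(TOKEN_URL, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  });
  if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
  return res.json();
}

// store is any object with async load()/save(tokens); back it with durable storage.
function createTokenManager(store, { post = postToken, now = Date.now, skewMs = 60000 } = {}) {
  let inFlight = null; // at most one refresh at a time: a refresh_token works only once

  async function refresh() {
    const current = await store.load();
    if (current.refreshExpiresAt <= now()) {
      throw new Error("refresh token expired: the user must re-authorize");
    }
    const body = await post({
      grant_type: "refresh_token",
      refresh_token: current.refreshToken,
      client_id: process.env.OAUTH_CLIENT_ID,
      client_secret: process.env.OAUTH_CLIENT_SECRET,
    });
    const issuedAt = now();
    const next = {
      accessToken: body.access_token,
      accessExpiresAt: issuedAt + body.expires_in * 1000,
      refreshToken: body.refresh_token, // the old refresh token is now spent
      refreshExpiresAt: issuedAt + body.refresh_token_expires_in * 1000,
    };
    await store.save(next); // persist the rotated pair before any caller uses it
    return next;
  }

  return {
    async getAccessToken() {
      const tokens = await store.load();
      if (tokens.accessExpiresAt - skewMs > now()) return tokens.accessToken;
      inFlight ??= refresh().finally(() => { inFlight = null; });
      return (await inFlight).accessToken;
    },
  };
}
```

Concurrent callers of getAccessToken() share one refresh request, so the same refresh_token is never submitted twice from this process.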