Refresh token endpoint

Endpoint URL: POST /oauth2/token

This endpoint exchanges a refresh token for a new access token. It is the same endpoint that is used for exchanging an authorization code for an access token; the difference is the grant_type parameter, which should be set to refresh_token. The client can authenticate to this endpoint in either of two ways: with the Authorization header, the same as for the token endpoint, or by specifying client_id and client_secret as parameters.

Request

Example request for a new access token
$ curl --location --request POST 'https://connect.okonto.pl/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'refresh_token=11fcb623bd60dc516693e44c9da9efc6ffb2debc0add36ec6d510d9f7522b506cs' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id=www.example.com.front.onetapi.pl' \
--data-urlencode 'client_secret=g9alssde0fltp05ds7em'

Parameters:

  • refresh_token - the value you received from the token endpoint

  • client_id - the value you received during client registration

  • client_secret - the value you received during client registration

Headers:

  • Content-Type - should be set to application/x-www-form-urlencoded, and the parameters should be sent in this format

Response

Example response to a token request
{
    "access_token": "047b0a8339c7fb9f623d3e2e8ae69c2z3eh5r4df1501pa34cba8439f7d0c2c1fcs",
    "token_type": "bearer",
    "expires_in": 36000,
    "refresh_token": "3786016856301de8f1e7b47036op24df820e683863e2908fb7544ceb9737f1d8cs"
}

Error handling

  • 400 BAD REQUEST - returned for all client-side errors, such as a missing authorization code, a wrong authorization code, or invalid credentials in the Authorization header.

  • 503 SERVICE UNAVAILABLE - for problems encountered on the server side.
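
A client-side sketch of the exchange and error handling described above, added here as an example and not taken from the service's own code. The function names, the `store` dictionary, the retry count and the backoff are hypothetical; it also assumes the refresh_token returned in the response replaces the one that was sent, as the example response suggests.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://connect.okonto.pl/oauth2/token"  # endpoint from this page

def build_refresh_request(refresh_token, client_id, client_secret):
    """Build the form-encoded POST, sending client credentials as parameters."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def http_send(request):
    """Default transport: return (status, body) instead of raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def refresh_tokens(store, client_id, client_secret,
                   send=http_send, retries=3, sleep=time.sleep):
    """Update store in place; True on success, False if re-authorization is needed."""
    for attempt in range(retries):
        status, text = send(build_refresh_request(
            store["refresh_token"], client_id, client_secret))
        if status == 200:
            data = json.loads(text)
            store["access_token"] = data["access_token"]
            store["expires_at"] = time.time() + data["expires_in"]
            # Assumption: the returned refresh_token supersedes the one just used.
            store["refresh_token"] = data.get("refresh_token", store["refresh_token"])
            return True
        if status == 400:
            return False  # client-side error: repeating the same request will not help
        if status != 503:
            raise RuntimeError(f"unexpected status {status}")
        sleep(2 ** attempt)  # 503: server-side problem, back off and retry
    raise RuntimeError("token endpoint unavailable after retries")
```

Persist the updated `store` before using the new access token, so that the latest refresh token is not lost if the process stops.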