/token grant_type=refresh_token

Used to obtain a new access token when the access token has expired.

Specifications

Request

URL: POST https://{miljø}/sts/oidcprov/v3/token

Content-type: application/x-www-form-urlencoded

| Location | Name | Type | Description |
|---|---|---|---|
| Body | client_id | string | Required for public clients; not used for confidential clients. |
| | client_assertion_type | string | Required for confidential clients; must have the value "urn:ietf:params:oauth:client-assertion-type:jwt-bearer". Not used for public clients. |
| | client_assertion | string | Required for confidential clients. Not used for public clients. |
| | grant_type | string | "refresh_token" |
| | refresh_token | string | Required |
| | scope | string | Optional; can be used if downscoping is needed. |

Response - Success

| Location | Name | Type | Description |
|---|---|---|---|
| Body | access_token | string | New access_token |
| | token_type | string | "Bearer" |
| | expires_in | int | How long the new access_token is valid. |

Response - Failed

Possible error codes:

| HTTP status code | Error code (error) | Description |
|---|---|---|
| 400 | invalid_request | The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed. |
| 400 | invalid_client | Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client. |
| 400 | invalid_grant | The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. |
| 400 | unauthorized_client | The authenticated client is not authorized to use this authorization grant type. |
| 400 | unsupported_grant_type | The authorization grant type is not supported by the authorization server. |
| 400 | invalid_scope | The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. |
| 503 | | The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. |
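
An added example, not part of the original documentation: one way a client could build the form body according to the request parameters above and decide what to do with each listed response. The function names, the sample values and the actions (`retry_later`, `reauthenticate`, `fail`) are assumptions made for illustration; HTTP 200 for the successful response follows RFC 6749.

```python
import json
from urllib.parse import urlencode

JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def build_refresh_body(refresh_token, client_id=None, client_assertion=None, scope=None):
    """Form-encode the body for grant_type=refresh_token (hypothetical helper)."""
    if not refresh_token:
        raise ValueError("refresh_token is required")
    # Public clients send client_id; confidential clients send a client assertion.
    # The parameter table makes the two mutually exclusive.
    if bool(client_id) == bool(client_assertion):
        raise ValueError("pass exactly one of client_id or client_assertion")
    params = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    if client_id:
        params["client_id"] = client_id
    else:
        params["client_assertion_type"] = JWT_BEARER
        params["client_assertion"] = client_assertion
    if scope:
        params["scope"] = scope  # optional: request a narrower scope
    return urlencode(params)

def handle_token_response(status, body):
    """Return (action, detail) for a token response (actions are assumptions)."""
    if status == 503:
        return "retry_later", None  # no error code is listed for 503
    data = json.loads(body)
    if status == 200:
        if data["token_type"].lower() != "bearer":
            raise ValueError("unexpected token_type")
        return "ok", {"access_token": data["access_token"],
                      "expires_in": int(data["expires_in"])}
    error = data.get("error")
    if error == "invalid_grant":
        # Refresh token is invalid, expired or revoked: drop it and log in again.
        return "reauthenticate", error
    return "fail", error  # configuration or request bug: do not retry blindly

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(build_refresh_body("rt-constructed", client_id="example-public-client"))
    print(handle_token_response(400, '{"error": "invalid_grant"}'))
```

The returned string is sent as the POST body with Content-type application/x-www-form-urlencoded; keep refresh tokens and client assertions out of logs when printing requests for debugging.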