Refresh Tokens

If one already has a refresh token and the access token has expired, one will need to get another access token using the refresh token. Call the token endpoint specified in the discovery document and pass the grant type and the token. Doing so will get a new access token.

Utilizing Supported Scopes at the discovery endpoints can offer specific tokens in response. For example, including offline_access provides a refresh token that can be used while not logged in.

Note, the grant type and the refresh token are sent in the body, not the query string.

POST https://auth.agsync.com/core/connect/token
Authorization: Basic [the client id and the secret base 64 encoded]
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&refresh_token=[refresh token here]

Example

If the client id was 'username' and the client secret was 'password', the Authorization header would look like this:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

The code with those credentials would look like this:

base64encode(“username” + “:” + “password”)

Refresh Tokens

Example​

Example