The access token is generated by the Tokens API (root) through the OAuth 2.0 endpoints and contains the account ID (sub claim) as well as the access scopes (scope claim).
Key properties you can configure for the refresh token are:
token lifetime (exp)
An example refresh token:
{
  "https://api.quasr.io/claims/typ": "oauth2:refresh", // type
  "https://api.quasr.io/claims/max": 1973910487, // max validity
  "https://api.quasr.io/claims/use": 1, // one-time use
  "scope": "openid", // scopes
  "client_id": "abe5ffb6-2f03-492d-8424-184e28685b10", // holder ID
  "sub": "ffd99cbb-f322-4dcf-8c64-48cc26c55c62", // account ID
  "jti": "4087c981-6346-497b-8f0d-e659e7bdd8e3", // token ID
  "aud": "https://api.quasr.io",
  "iss": "https://b62a482d-7365-4ae9-85a5-1453b3b0d5b1.api.quasr.io", // tenant ID
  "iat": 1642352886, // issued at
  "nbf": 1642352886, // not before
  "exp": 1673910486 // expires at
}
The refresh token should be kept secure by the application and can only be used once.
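The claims above imply a set of checks at redemption time: token type, audience, holder, validity window, and a use counter keyed on the token ID. The following is an added sketch of those checks, not Quasr's own code. It assumes the token signature has already been verified, that the `max` claim acts as a hard ceiling alongside `exp`, and that use counts live in memory; `RefreshTokenChecker` and `redeem` are hypothetical names.

```python
import time

NS = "https://api.quasr.io/claims/"
# Claims copied from the example refresh token on this page.
EXAMPLE_CLAIMS = {
    NS + "typ": "oauth2:refresh",
    NS + "max": 1973910487,
    NS + "use": 1,
    "scope": "openid",
    "client_id": "abe5ffb6-2f03-492d-8424-184e28685b10",
    "sub": "ffd99cbb-f322-4dcf-8c64-48cc26c55c62",
    "jti": "4087c981-6346-497b-8f0d-e659e7bdd8e3",
    "aud": "https://api.quasr.io",
    "iss": "https://b62a482d-7365-4ae9-85a5-1453b3b0d5b1.api.quasr.io",
    "iat": 1642352886,
    "nbf": 1642352886,
    "exp": 1673910486,
}


class RefreshTokenChecker:
    """Checks claims of an already signature-verified token (hypothetical helper)."""

    def __init__(self, audience, clock=time.time):
        self.audience = audience
        self.clock = clock
        self.uses = {}  # jti -> number of successful redemptions

    def redeem(self, claims, client_id):
        """Return (ok, reason); a redemption is counted only when ok is True."""
        now = int(self.clock())
        if claims.get(NS + "typ") != "oauth2:refresh":
            return False, "wrong token type"
        if claims.get("aud") != self.audience:
            return False, "wrong audience"
        if claims.get("client_id") != client_id:
            return False, "token held by another client"
        if now < claims.get("nbf", 0):
            return False, "not yet valid"
        # Assumed semantics: 'max' caps validity in addition to 'exp'.
        exp = claims.get("exp", 0)  # a missing exp fails closed
        if now >= min(exp, claims.get(NS + "max", exp)):
            return False, "expired"
        jti, allowed = claims.get("jti"), claims.get(NS + "use", 1)
        if jti is None or self.uses.get(jti, 0) >= allowed:
            return False, "already used"
        self.uses[jti] = self.uses.get(jti, 0) + 1
        return True, "ok"
```

A deployed version would keep the use counter in shared storage and update it atomically, so two concurrent requests cannot both redeem the same token ID.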