Passport docs
  • Getting started
  • Integrations
    • Sign in with Passport
    • Apply with Passport
    • Easy Apply
  • Authentication
    • Overview
    • Authorization Code Flow (3-legged OAuth)
    • Client Credential Flow (2-legged OAuth)
    • Refresh Token
    • Token Debugging
Powered by GitBook
On this page
  1. Authentication

Refresh Token

Tip: To protect members data, Passport does not generate long-lived access tokens.

Make sure your application refreshes access tokens before they expire, to avoid unnecessarily sending your application's users through the authorization process again.

Refreshing an access token is a seamless user experience. To refresh an access token, go through the authorization process again to fetch a new token. This time however, in the refresh workflow, the authorization screen is bypassed, and the member is redirected to your redirect URL, provided the following conditions are met:

  • The member is still logged into onepassport.eu

  • The member's current access token has not expired

If the member is no longer logged in to onepassport.eu or their access token has expired, they are sent through the normal authorization process.

To use the refresh token, make a POST request to the service’s token endpoint with grant_type=refresh_token, and include the refresh token as well as the client credentials.

curl --request POST \
--url 'https://auth.onepassport.eu/token?grant_type=refresh_token&refresh_token=66bb4b9f257282c8b0390494001516e3ca941923&client_id=EqhzuQFdE35NvLQnvzs4jccpGaJCYE7P&client_secret=5mrywDLGfERhrra66n5NC4tNNS3LGFDyBn6dh8jp3qqXi7eBAjd7xHpk3MaqLzTwA93a8yMqzo9kETs3puNw4h7EPNj8CLBa7KBRtaNGKLj7dT7GDfJyRm4igRjfXNYn'
PreviousClient Credential Flow (2-legged OAuth)NextToken Debugging

Last updated 3 years ago