Refresh Token Flow

Obtain new access tokens without user interaction using a refresh token (RFC 6749 §6). Refresh tokens are long-lived credentials that allow the client to maintain access after the access token expires.

Try in Looking Glass

Sequence Diagram

Click any step for details

ClientAuth Server1Refresh Token Request2New Token Response
Request
Response
Redirect
Internal

Step-by-Step Breakdown

1
Refresh Token Request
ClientAuthorization Server
2
New Token Response
Authorization ServerClient

Token Inspector

Specs for this flow

Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.

Core specs

· The specifications that define this protocol.

Security & privacy

· Dedicated security and privacy considerations.