How to refresh access token using refresh token? RRS feed

  • Question

  • User-1634202039 posted

    I can't find a tutorial or a code example where it shows how/when to refresh the access token. How to implement refreshing the new access token when it is about to expire?

    This is what I have so far:

    This is the class where to get the new access token and refresh token.

    namespace DemoApp
        public class Tokens
            public string access_token { get; set; }
            public string token_type { get; set; }
            public int expires_in { get; set; }
            public string refresh_token { get; set; }
        public class AccessToken 
            public void GetNewAccessToken()
                Tokens localTokens = new Tokens();
                var client = new RestClient("www.example.com/api/token");
                var request = new RestRequest(Method.POST);
                request.AddHeader("content-type", "application/x-www-form-urlencoded");
                request.AddParameter("application/x-www-form-urlencoded", "grant_type=refresh_token&refresh_token=" + localTokens.refresh_token, ParameterType.RequestBody);
                IRestResponse response = client.Execute(request);
                var responseContent = response.Content;
                var newTokensList = new JavaScriptSerializer().Deserialize<Tokens>(responseContent);
                localTokens.access_token = newTokensList .access_token;
                localTokens.refresh_token = newTokensList .refresh_token;

    This is the class where it call the API, with the new Access Token, to get the new data.

    namespace DemoApp
        public class API
            public Data()
                public void CallAPI()
                    Tokens tokens = new Tokens();
                    var client = new RestClient("www.example.com/api");
                    var request = new RestRequest(Method.GET);
                    request.AddHeader("authorization", "Bearer " + tokens.access_token);
                    request.AddHeader("accept", "application/json; charset=utf-8");
                    IRestResponse response = client.Execute(request);
                    var data = response.Content;
    Tuesday, April 21, 2020 8:31 PM

All replies

  • User-474980206 posted

    typically refresh token are used to get access tokens (which usually expire quicker). a refresh token usually has a long expiration (days or months) and can be stored in persistent store. when you need an access token, you pass the refresh token rather than credentials. if the refresh token is expired (or no longer valid), you ask for a new refresh token which will require login in again.

    so the typical workflow:

    1. get the users refresh token from storage
    2. request the access token for the resource using the refresh token
    3. request the resource with the access token

     if step 2 fails:

    1. ask for refresh token which may require a login
    2. store the refresh token
    3. start at step 2 above

    Tuesday, April 21, 2020 8:42 PM
  • User-1634202039 posted

    But how to implement "when to get the new access token"? 

    Also, can you use the new refresh_token that came with the new access_token for the next refreshing access token. Or it should be like you mention in "if step 2 fails"? 

    Tuesday, April 21, 2020 8:52 PM
  • User-474980206 posted

    The tokens have their expiration time, so your code can just check the expire before using. But even an unexpired token can be rejected (say a password change rule revokes all tokens).

    so if you have an unexpired access token use it. If it’s expired or rejected, use the refresh token if not expired to get a new access token. If the get access token is rejected or the refresh token is expired, then request a new refresh token.

    Wednesday, April 22, 2020 2:03 AM
  • User711641945 posted

    Hi iadn,

    For refresh access token using refresh token,I suggest that you could refer to:


    Best Regards,


    Wednesday, April 22, 2020 8:32 AM
  • User-2054057000 posted

    Refresh token comes in 2nd step. In most cases you need to make a new api request to get this refresh token. Consider reading this article where access token step is performed. 

    Wednesday, April 22, 2020 9:47 AM