Refresh Tokens with OIDC

Refresh Tokens with OIDC

With the OIDC-conformant pipeline, refresh tokens:

In addition, differences exist in the refresh token structure. To learn more, read Refresh Tokens.

Legacy (delegation)

POST /delegation
Content-Type: 'application/json'
{
  "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
  "client_id": "...",
  "refresh_token": "...",
  "scope": "openid profile"
}

Was this helpful?

/

OIDC-conformant (token endpoint)

POST /oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&refresh_token=123&client_id=123&client_secret=123&scope=openid+profile&audience=https%3A%2F%2Fapi.example.com

Was this helpful?

/

  • audience and client_secret parameters are optional.

  • client_secret is not needed when requesting a refresh_token for a public application.

Learn more