Token Reissue

Learn when and why you should reissue tokens and how to effectively implement this process

Token reissuance involves obtaining new access and refresh tokens without requiring users to re-authenticate. There are specific scenarios where token reissuing is essential:

Token Expiration: Access tokens have a limited lifespan for security reasons. When an access token is about to expire, you can reissue a new one to ensure uninterrupted service for your users.
Continuous Interaction: For applications that require continuous interaction, such as long-running server operations or user sessions, token renewal allows users to remain authenticated without interruption.
User Authorization Changes: If a user's permissions or scope change after they've obtained an access token, reissuing a token ensures they have the correct access levels.

To initiate the process of reissuing tokens, it's important to use a valid refresh token. The refresh token acts as the key to obtaining a new set of access and refresh tokens. During this process, the used refresh token becomes invalid, ensuring the security of your application.

Token reissuance involves making an API call to HyperID's token endpoint.

Request

POST /auth/realms/HyperID/protocol/openid-connect/token HTTP/1.1
Host: login.hypersecureid.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 123

grant_type=refresh_token
&refresh_token=your.refresh.token
&client_id=your_app_client_id
&client_secret=your_app_client_secret

This API call includes a grant_type equal to refresh_token to renew the access token, the actual refresh token as the refresh_token parameter, and the client_id and client_secret from your client's configuration settings (see to the Client Registration chapter for details).

Response

HTTP/1.1 200 OK
Content-Type: application/json
{
   "refresh_expires_in": 2592000,
   "refresh_token": "JWT-encoded token",
   "expires_in": 3600,
   "access_token": "JWT-encoded token"
}

The response is similar to the Obtain Tokens request.

Below are examples of the implemented 'Reissue Tokens' requests:

curl --location 'http://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token=your.refresh.token' \
--data-urlencode 'client_id=your_app_client_id' \
--data-urlencode 'client_secret=your_app_client_secret'

var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/x-www-form-urlencoded");

var urlencoded = new URLSearchParams();
urlencoded.append("grant_type", "refresh_token");
urlencoded.append("refresh_token", "your.refresh.token");
urlencoded.append("client_id", "your_app_client_id");
urlencoded.append("client_secret", "your_app_client_secret");

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: urlencoded,
  redirect: 'follow'
};

fetch("http://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/token", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

const axios = require('axios');
const qs = require('qs');
let data = qs.stringify({
  'grant_type': 'refresh_token',
  'refresh_token': 'your.refresh.token',
  'client_id': 'your_app_client_id',
  'client_secret': 'your_app_client_secret' 
});

let config = {
  method: 'post',
  maxBodyLength: Infinity,
  url: 'http://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/token',
  headers: { 
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  data : data
};

axios.request(config)
.then((response) => {
  console.log(JSON.stringify(response.data));
})
.catch((error) => {
  console.log(error);
});

import http.client

conn = http.client.HTTPSConnection("login.hypersecureid.com")
payload = 'grant_type=refresh_token&refresh_token=your.refresh.token&client_id=your_app_client_id&client_secret=your_app_client_secret'
headers = {
  'Content-Type': 'application/x-www-form-urlencoded'
}
conn.request("POST", "/auth/realms/HyperID/protocol/openid-connect/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "http://login.hypersecureid.com/auth/realms/HyperID/protocol/openid-connect/token");
var collection = new List<KeyValuePair<string, string>>();
collection.Add(new("grant_type", "refresh_token"));
collection.Add(new("refresh_token", "your.refresh.token"));
collection.Add(new("client_id", "your_app_client_id"));
collection.Add(new("client_secret", "your_app_client_secret"));
var content = new FormUrlEncodedContent(collection);
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());

By implementing token reissuance, you can enhance both the security and user experience of your application, ensuring that your users can seamlessly interact with your services while maintaining the highest level of protection for their data.

PreviousToken Validation NextToken Revocation and Logging Out

Last updated 7 months ago