This documentation is for WSO2 Identity Server 5.1.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


In order to use this grant type, a refresh token needs to be already received when using a grant type like authorization code, password or client credentials. Then using this received refresh token, a new access token can be received along with a new refresh token without going through any other additional steps.


This can configurations are done in the <IS_HOME>/repository/conf/identity/identity.xml file.

  1. The <RefreshTokenValidityPeriod> element is in seconds. By default, it is valid for one day. You can configure this accordingly. 
  2. The <RenewRefreshTokenForRefreshGrant> element is by default set to true.


    The refresh token is renewed when the refresh grant is used to get an access token. A new refresh token is issued with a new expiry time and the previous refresh token is then inactive and can no longer be used.

    If this element is set to false, unless the refresh token has expired, the same refresh token is returned.

Code Block
		<!-- Validity period for refresh token -->
        <!-- Enable renewal of refresh token for refresh_token grant -->