This documentation is for WSO2 Identity Server 5.3.0. View documentation for the latest release.


Before a refresh token can be used, it has to be obtained through a grant type such as the authorization code or password grant type. Using the obtained refresh token, you can get a new access token along with a renewed refresh token without going through any additional steps.

The diagram below illustrates the refresh token grant flow.

[Image: refresh token grant flow diagram]

Configurations

  1. The value of the <RefreshTokenValidityPeriod> element is in seconds. By default, the refresh token is valid for one day. Configure it accordingly.
  2. The <RenewRefreshTokenForRefreshGrant> element is set to true by default.

    Info

    The refresh token is renewed when the refresh grant is used to get an access token. A new refresh token is issued with a new expiry time and the previous refresh token is made inactive and can no longer be used. If this element is set to false, unless the refresh token has expired, the same refresh token is returned.

    <!-- Validity period for refresh token -->
    <RefreshTokenValidityPeriod>84600</RefreshTokenValidityPeriod>
    ...
    <!-- Enable renewal of refresh token for refresh_token grant -->
    <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
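
The renewal behaviour described above can be modelled in a few lines. This is an added example, not WSO2 Identity Server code: the `RefreshTokenStore` class, its method names and the outright rejection of expired tokens are assumptions made for illustration, and the timeline in `demo()` is constructed.

```python
import secrets


class RefreshTokenStore:
    """Toy in-memory model of the two settings in the snippet above (hypothetical)."""

    def __init__(self, validity_period=84600, renew_on_refresh=True):
        self.validity_period = validity_period    # <RefreshTokenValidityPeriod>, seconds
        self.renew_on_refresh = renew_on_refresh  # <RenewRefreshTokenForRefreshGrant>
        self._active = {}                         # refresh token -> expiry (seconds)

    def issue(self, now):  # initial grant, e.g. authorization code or password
        token = secrets.token_urlsafe(32)
        self._active[token] = now + self.validity_period
        return token

    def refresh(self, presented, now):
        """Refresh grant: return (access_token, refresh_token) or raise ValueError."""
        expiry = self._active.get(presented)
        if expiry is None:
            raise ValueError("invalid_grant: refresh token is inactive or unknown")
        if now >= expiry:
            # Assumption of this model: an expired token is rejected outright.
            del self._active[presented]
            raise ValueError("invalid_grant: refresh token has expired")
        access_token = secrets.token_urlsafe(32)
        if not self.renew_on_refresh:
            return access_token, presented        # same token, original expiry kept
        del self._active[presented]               # previous token made inactive
        return access_token, self.issue(now)      # new token with a new expiry time

    def expiry_of(self, token):
        return self._active.get(token)


def demo():
    """Constructed timeline: refresh once at t=3600 under each setting."""
    results = {}
    for renew in (True, False):
        store = RefreshTokenStore(renew_on_refresh=renew)
        first = store.issue(now=0)
        _, second = store.refresh(first, now=3600)
        try:
            store.refresh(first, now=3700)        # present the first token again
            first_still_works = True
        except ValueError:
            first_still_works = False
        results[renew] = (second == first, first_still_works, store.expiry_of(second))
    return results

print(demo())
```

Each result tuple is (same token returned, first token still accepted, expiry of the returned token). With renewal enabled, a client must store the new refresh token from every response, because the one it just presented is no longer accepted.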

...