Skip to main content
Skip table of contents

Re-authenticating using the refresh token

Request

The initial access token is typically only valid for a short time. (The refresh token typically has a longer validity.) The client must:

  1. Use the refresh token to re-authenticate when the access token expires.
  2. When the refresh token expires, re-authenticate again.

To re-authenticate using the refresh token, send a POST request to:

CODE 
https://<host>:<port>/ags/refresh

Headers

  • Authorization – the refresh token that was returned during initial sign-on 
  • x-correlation-id – identifier for logging, to correlate messages across a call flow
  • x-auth-service-id – the ID of the authentication (SSO) service to be used for authentication (mandatory)
  • nv-tenant-id – the tenant ID

Mandatory arguments

  • Authorization – (in header) – see above
  • x-auth-service-id – (in header) – see above

  • parameters – an array of parameters. These are defined in the response to the GET /servicediscovery request.
    Each member of the array is a key/value pair in the following form:

    CODE 
    {
  "parameters": [
    {
       "name": "<name>",
       "value": "<value>"
    }
  ]
}

Other arguments

None

Example

A POST request with this payload re-authenticates:

CODE 
{
  "parameters": [
    {
      "name": "username",
      "value": "dave"
    }
  ]
}

Note that the contents of the parameters block depend on the requirements of the SSO provider.

Response

A successful request returns an HTTP 200 status.

A bad request returns an HTTP 400 status.

An unauthorised request returns an HTTP 401 status.

A forbidden request returns an HTTP 403 status.

Example

A successful response looks like this:

CODE 
{
  "access_token": "eyJraWQiOiIyNTk2MjkiLCJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2NvdW50UHJvZmlsZUlkIjoiREVGQVVMVCIsInRlbmFudElkIjoibmFncmEiLCJmaWx0ZXJpbmdJbmZvcm1hdGlvbiI6e30sImJsb2NraW5nSW5mb3JtYXRpb24iOnt9LCJhY2NvdW50SWQiOiIxNjYzIiwidXNlcklkIjoiMTY2MyIsInZlciI6IjEuMCIsImdlb0Jsb2NrRXhlbXB0IjpmYWxzZSwicGFyZW50YWxDb250cm9sIjpudWxsLCJ0eXAiOiJEZXZBdXRoTiIsImp0aSI6IjQ3ODkwMjM0MjM3MTQwODk0NzgiLCJwbGF5b3V0RGV2aWNlQ2xhc3MiOm51bGwsImRldmljZUlkIjoiUFVCXzk4OSIsImV4cCI6MTY1NDg3NzA5MywiZml4ZWRfZXhwIjoxNjU3NDY1NDkzLCJvbk5ldHdvcmsiOnRydWUsInNlc3Npb25Db250cm9sIjp7Im1heFNlc3Npb25zIjozLCJzZXNzaW9uQ29udHJvbEVuYWJsZWQiOnRydWV9LCJiaWxsaW5nQ291bnRyeUNvZGUiOiJFbXB0eUNvdW50cnkifQ.y9tc1RZVS8un0N1oHHEnRAJeM6frgjlLrbzBgCXjqXk",
  "refresh_token": "eyJraWQiOiIyNTk2MjkiLCJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2ZXIiOiIxLjAiLCJ0ZW5hbnRJZCI6Im5hZ3JhIiwic2Vzc2lvbkNvbnRyb2wiOnsibWF4U2Vzc2lvbnMiOjMsInNlc3Npb25Db250cm9sRW5hYmxlZCI6dHJ1ZX0sImFjY291bnRQcm9maWxlSWQiOiJERUZBVUxUIiwiZGV2aWNlSWQiOiJQVUJfOTg5IiwiZml4ZWRfZXhwIjoxNjU3NDY1NDkzLCJleHAiOjE2NTUwNDYyOTMsImFjY291bnRJZCI6IjE2NjMiLCJqdGkiOiI0Nzg5MDIzNDIzNzE0MDg5NDc4IiwidXNlcklkIjoiMTY2MyIsInR5cCI6IlJlZnJlc2hBdXRoTiJ9.ipL6gundtQ8Iai5qTXPpO6sviEAdLwP0Bt9aDO95yuc",
  "client_id": "PUB_989",
  "accountId": "1663",
  "token_type": "bearer",
  "expires_in": 3600,
  "refresh_expires_in": 172800,
  "fixed_refresh_expires_in": 2592000
}

See also

For full details of this API, see the Authentication Gateway Service (AGS) API documentation.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close