refreshTokens
client.refreshTokens({
refreshToken: string,
scope: string
})
About this command
Implements the refresh token grant. This retrieves a new refresh and access token with the current refresh token.
| Redeeming a new refresh token invalidates the consumed access/refresh token (AT/RT) pair. |
| Check out our Refresh tokens guide for more information on how refresh tokens operate. |
Examples
client
.refreshTokens({
refreshToken: 'eyJ0eXAiOiJKV1QiL...',
scope: 'openid profile phone full_write'
})
.then(authResult => {
// Retrieves the refresh token
})
.catch(err => console.error(err))Parameters
refreshToken |
The refresh token used to generate the new refresh token. |
scope |
List of space-delimited, case-sensitive strings representing the requested scope. |
Response
Type: Promise<AuthResult>
AuthResult object fields
| Field | Type | Description | ||
|---|---|---|---|---|
|
The user’s access token. This a security token that gives access to authorized resources without further identification. It is represented as a JSON Web Token (JWT). |
|||
|
The lifetime of the access token (in seconds).
|
|||
|
The type of token that is issued.
|
|||
|
The user’s refresh token.
|
|||
|
The user’s ID token. This is a security token that contains authentication claims about the user. It is represented as a JSON Web Token (JWT).
|
|||
|
The body of the ID token which outlines the claims. See ID token payload for more details.
|
|||
|
The authorization code received from the initial authorization call. |
|||
|
An opaque value used to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. |
|||
|
The step up token needed to complete the stepup flow. |
|||
|
The Authentication Method Reference (
|
|||
|
The name of the social login provider used to log in.
|
|||
|
The access token from the social login provider.
|
ID token payload
The possible claims to assert about an authenticated user are outlined in the table below.
| Field | Type | Description | ||
|---|---|---|---|---|
|
The type of authentication used. allowed values:
|
|||
|
The birthdate of the profile, represented as an ISO 8601 |
|||
|
The primary email address of the profile. |
|||
|
True if the user’s e-mail address has been verified; otherwise false. |
|||
|
The expiration time claim identifies the point in time (as a Unix timestamp) on or after which the JWT must not be accepted for processing. Example
|
|||
|
The family name of the profile.
|
|||
|
The given name of the profile.
|
|||
|
The gender of the profile.
|
|||
|
The time (as a Unix timestamp) at which the JWT was issued. Example
|
|||
|
The issuer claim identifies the principal that issued the JWT. |
|||
|
The profile’s language code in lowercase and country code in uppercase, separated by a dash (eg |
|||
|
The full name of the profile. |
|||
|
Whether the profile is new. |
|||
|
The subject claim that identifies the profile. |
|||
|
The URL of one of the user’s profile pictures. This URL refers to an image file (PNG, JPEG, or GIF image file). |
|||
|
The URL of one of the user’s profile pages (usually a social provider’s page). |
|||
|
The time the profile’s information was last updated. |
|||
|
The time when end user authentication occurred. The time represents the first authentication of a given underlying session. This is represented as a Unix timestamp. Example
|