Home
PartPay

Refresh Tokens

Refresh tokens are long-lived tokens, that need to be securely stored against a user on the Merchant site. It is important these are never exposed to users etc. They are exchanged for access tokens from the IDP, which are short-lived.

Token exchange

Below is an example of a request to exchange a refresh token for an access token:

https://partpay.au.auth0.com/oauth/token
Content-Type: application/json

{ 
  "grant_type": "refresh_token"
	"client_id": "YOUR_CLIENT_ID", 
	"client_secret": "YOUR_CLIENT_SECRET", 
	"refresh_token": "YOUR_REFRESH_TOKEN" 
}

This will return a token in the following format:

{
  "access_token": "eyJ...MoQ",
  "expires_in": 86400,
  "scope": "openid offline_access",
  "id_token": "eyJ...0NE",
  "token_type": "Bearer"
}