Refresh Token: Maintaining Access to Applications and Services
Introduction
A Refresh Token is used to maintain access to an application or service without requiring the user to log in repeatedly. After an Access Token has expired, the Refresh Token can be used to obtain a new Access Token without the user having to re-enter their login credentials. This keeps the connection to the application secure and user-friendly without requiring constant new login processes.
Process
After the user has successfully logged in to the application, the client receives an Access Token and a Refresh Token. The Access Token has a limited validity period, while the Refresh Token remains valid for a longer period. When the Access Token expires, the client sends a POST request to the token endpoint of the authorization server. In this request, the client transmits the Refresh Token, Client ID, and Client Secret. The server checks the validity of the Refresh Token and, if everything is correct, issues a new Access Token. This new token can then be used to continue accessing protected resources without the user having to log in again.
Example Code for a Refresh Token in Python
import requests
import time

def get_new_access_token(refresh_token, client_secret):
    url = "https://oauth2.hin.ch/REST/v1/OAuth/GetAccessToken"
    # Pass the parameters as a dict so that requests URL-encodes them;
    # tokens and secrets may contain characters such as '+' or '&'.
    payload = {
        'grant_type': 'refresh_token',
        'refresh_token': refresh_token,
        'client_id': 'ch.2ndlevel-cc',
        'client_secret': client_secret,
    }
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'Cookie': 'ObSSOCookie=/examplee0Sgr3R5FiCiOt+cexample-'
    }
    # A timeout keeps the client from hanging if the server does not answer.
    response = requests.post(url, headers=headers, data=payload, timeout=10)
    # The raw response body is not printed here: on success it contains the tokens.
    if response.status_code == 200:
        token_data = response.json()
        new_access_token = token_data['access_token']
        # Optional: Return a new Refresh Token if it exists
        new_refresh_token = token_data.get('refresh_token', refresh_token)
        return new_access_token, new_refresh_token
    else:
        print(f"Error retrieving token: {response.status_code} - {response.text}")
        return None, refresh_token

# Example loop that regularly renews the Access Token
def main():
    # Placeholders; in real use, load both values from a secret store or
    # the environment instead of hard-coding them in the source.
    refresh_token = 'rteqr4'  # Your initial Refresh Token
    client_secret = 'your_client_secret'  # Your Client Secret
    while True:
        # Code for using the Access Token would go here
        print("Using the Access Token to access resources...")
        # Obtain a new Access Token
        new_access_token, refresh_token = get_new_access_token(refresh_token, client_secret)
        if new_access_token:
            # Report success without writing the token value to the output
            print("New Access Token obtained.")
            # You can continue using the new Access Token here
        else:
            print("Error renewing token. Please check login credentials.")
            break  # Stop the loop if the token could not be renewed
        # Wait time to regularly renew the Access Token
        time.sleep(3600)  # e.g., wait 1 hour before renewing the token again

if __name__ == "__main__":
    main()
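Added example, not part of the original page or of the service's own code: a small token manager that refreshes only when the cached Access Token is about to expire, stores a rotated Refresh Token immediately, and stops instead of retrying when the server rejects the token. It assumes the token response carries `expires_in` and that a rejected Refresh Token comes back as a 4xx status; `TokenManager`, `ReauthRequired`, `FakeEndpoint` and the `rt-`/`at-` values are constructed for illustration.

```python
import time
from types import SimpleNamespace

class ReauthRequired(Exception):
    """The refresh token was rejected; the user has to log in again."""

class TokenManager:
    def __init__(self, post, url, client_id, client_secret, refresh_token,
                 skew=60, clock=time.time):
        self._post, self._url = post, url  # post: callable shaped like requests.post
        self._client_id, self._client_secret = client_id, client_secret
        self.refresh_token = refresh_token
        self._skew, self._clock = skew, clock
        self._access_token, self._expires_at = None, 0.0

    def access_token(self):
        # Reuse the cached token until `skew` seconds before it expires.
        if self._access_token and self._clock() < self._expires_at - self._skew:
            return self._access_token
        resp = self._post(self._url, timeout=10, data={
            "grant_type": "refresh_token", "refresh_token": self.refresh_token,
            "client_id": self._client_id, "client_secret": self._client_secret})
        if resp.status_code != 200:
            self._access_token = None
            if 400 <= resp.status_code < 500:
                # Rejected grant: retrying the same token cannot succeed.
                raise ReauthRequired(f"refresh rejected ({resp.status_code})")
            raise RuntimeError(f"token endpoint error ({resp.status_code})")
        body = resp.json()
        # Rotation: a newly issued refresh token replaces the old one at once.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        self._access_token = body["access_token"]
        # expires_in is in seconds; the 300 s fallback is an assumption.
        self._expires_at = self._clock() + int(body.get("expires_in", 300))
        return self._access_token

class FakeEndpoint:  # constructed server: rotates tokens, accepts each one once
    def __init__(self, first_token):
        self.valid, self.calls = first_token, 0
    def __call__(self, url, data, timeout):
        self.calls += 1
        if data["refresh_token"] != self.valid:
            return SimpleNamespace(status_code=400, json=lambda: {"error": "invalid_grant"})
        self.valid = f"rt-{self.calls}"
        body = {"access_token": f"at-{self.calls}", "refresh_token": self.valid,
                "expires_in": 3600}
        return SimpleNamespace(status_code=200, json=lambda: body)
```

With the real service, pass `requests.post` as `post` and persist `refresh_token` after every successful call so that a restart does not fall back to a token the server has already replaced.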