Access token expiry
Whenever an access token expires, the client can regenerate it without any additional confirmation from the end-user, provided the user enabled "Grant access for the entire session" on the OAuth prompt page. Once granted, access tokens can be refreshed until the end-user terminates their session.
URI endpoint: <AccountsServer>/oauth/v2/auth/refresh
HTTP Request Type: GET
Mandatory parameters:
- client_id - Obtained during registration
- response_type=token - Constant
- state - This will be sent back to the client. This is used to avoid CSRF attacks.
- redirect_uri - The URL to which the access token will be sent. This should be the same as the redirect URI given during registration.
- scope - Comma separated scopes for which access is needed.
Troubleshoot error codes when refreshing access tokens
client_not_granted - The user hasn't granted permission for that session or may have signed out of the session.
prompt_required - The scopes mentioned are not granted by the user for that client. The error occurs when you add scopes in oauth/v2/auth/refresh that are not in oauth/v2/auth.
Sample HTTP Request
https://accounts.zoho.com/oauth/v2/auth/refresh?
client_id=1000.GMB0YULZHJK411248S8I5GZ4CHUEX0&
response_type=token&
scope=AaaServer.profile.Read&
redirect_uri=https://www.zylker.com/oauthredirect
Sample HTTP Response
After verifying your JavaScript domain, we will send the access token to the redirect URI.
https://www.zylker.com/oauthredirect#&
access_token=1000.a9a2690d6d5052d3728c6e330bfabad.a8ae8ab5bf3a8d7e08b8d9eafe52ea2d&
expires_in=3600&
location=us
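Client-side handling of the refresh round trip, as an added example that is not part of the original documentation: it builds the request with all five mandatory parameters and validates the fragment delivered to the redirect URI, checking state before anything else. The function names are hypothetical, and it is an assumption that state comes back as a state fragment parameter and that the error codes above arrive in an error fragment parameter.

```javascript
// Added example; function names are hypothetical, not part of the Zoho API.
const REFRESH_ENDPOINT = "https://accounts.zoho.com/oauth/v2/auth/refresh";

// Fresh, unguessable state for each refresh request (browser Web Crypto).
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the GET URL; URLSearchParams percent-encodes redirect_uri and scope.
function buildRefreshUrl({ clientId, redirectUri, scopes, state }) {
  const url = new URL(REFRESH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: "token",
    state,
    redirect_uri: redirectUri,
    scope: scopes.join(","), // scopes are comma separated
  }).toString();
  return url.toString();
}

// Parse the fragment sent to redirect_uri. expectedState is the value the
// client stored (e.g. in sessionStorage) before issuing the request.
function parseRefreshRedirect(redirectedUrl, expectedState) {
  const fragment = new URL(redirectedUrl).hash.replace(/^#/, "");
  const p = new URLSearchParams(fragment);
  // State first: a redirect the client did not initiate must not reach
  // the token or error handling below.
  if (!expectedState || p.get("state") !== expectedState) {
    return { ok: false, action: "reject", reason: "state_mismatch" };
  }
  const error = p.get("error"); // assumed parameter name
  if (error === "client_not_granted" || error === "prompt_required") {
    // Silent refresh cannot succeed; the user has to go through
    // oauth/v2/auth again to grant the session or the extra scopes.
    return { ok: false, action: "reauthorize", reason: error };
  }
  const accessToken = p.get("access_token");
  const expiresIn = Number(p.get("expires_in")); // missing value becomes 0
  if (error || !accessToken || !Number.isFinite(expiresIn) || expiresIn <= 0) {
    return { ok: false, action: "reject", reason: error || "malformed_response" };
  }
  return { ok: true, accessToken, expiresIn, location: p.get("location") };
}
```

Clear the fragment from the address bar (for example with history.replaceState) once the token has been read, so it does not linger in browser history.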