Postman - exchanging tokens using a refresh token (example)

 

In an OAuth application it is quite common to exchange a refresh token for a new set of tokens with new expiry times. You typically need the setup shown here.

Before you can do this, you must have logged in and obtained your 1st set of access token / refresh token, and it must have been issued with the offline_access scope.

Then, in the POST request below (first red rectangle), provide your token endpoint.

Then provide the setup shown below: 



You should get a new set of tokens.

I guess although clients in Auth0 are protected with a secret, I can get away without providing client_secret.

Although, for the record, I did set up the client as a SPA application, which is an open client and can't hold a password.

If you prefer curl:

# Refresh token grant: the form fields (grant_type, refresh_token, client_id) carry the request.
# client_secret is for confidential clients; a public (SPA) client omits that line.
curl --location 'YOUR-TOKEN-ENDPOINT' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer YOUR-ACCESS-TOKEN' \
--header 'Cookie: did=s%3Av0%3A699f7290-f0b8-11ee-b580-9d803a0bd79c.3XA2ahamJPcJWt7b35fbqtFq%2FqoXEKWSHGigUkAugUc; did_compat=s%3Av0%3A699f7290-f0b8-11ee-b580-9d803a0bd79c.3XA2ahamJPcJWt7b35fbqtFq%2FqoXEKWSHGigUkAugUc' \
--data-urlencode 'client_id=YOUR-CLIENT-ID' \
--data-urlencode 'client_secret=YOUR-CLIENT-SECRET' \
--data-urlencode 'refresh_token=YOUR-REFRESH-TOKEN' \
--data-urlencode 'grant_type=refresh_token'
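The same exchange from the client's side, as an added example that is not part of the original post: it builds the refresh_token grant for a public (SPA) or confidential client and decides what to store from the response, including the case where the server rotates the refresh token. The function names, the tenant.example endpoint and the token values are assumptions constructed for illustration; nothing is sent over the network.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request


def build_refresh_request(token_endpoint, client_id, refresh_token, client_secret=None):
    """Build (but do not send) the refresh_token grant POST."""
    form = {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "refresh_token": refresh_token,
    }
    # A public client (SPA) has no secret to send; a confidential client adds it.
    if client_secret is not None:
        form["client_secret"] = client_secret
    return Request(
        token_endpoint,
        data=urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def apply_token_response(status, body, old_refresh_token, now=None):
    """Return the token set to store, or raise if the exchange was refused."""
    payload = json.loads(body)
    if status != 200 or "error" in payload:
        # e.g. invalid_grant when the refresh token is expired or revoked
        raise PermissionError(payload.get("error", "http_%d" % status))
    now = int(time.time() if now is None else now)
    new_refresh = payload.get("refresh_token", old_refresh_token)
    expires_in = payload.get("expires_in")  # optional in the response
    return {
        "access_token": payload["access_token"],
        "refresh_token": new_refresh,
        "rotated": new_refresh != old_refresh_token,  # if True, discard the old one
        "expires_at": None if expires_in is None else now + int(expires_in),
    }


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_refresh_request("https://tenant.example/oauth/token", "SPA-CLIENT-ID", "OLD-RT")
    print(req.get_method(), req.full_url, req.data.decode())
    ok = '{"access_token": "NEW-AT", "refresh_token": "NEW-RT", "expires_in": 86400}'
    print(apply_token_response(200, ok, "OLD-RT", now=0))
```

When "rotated" is true, store the new refresh token and drop the old one, since a rotated-out token is normally rejected on its next use.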






