Difference between Refresh token and Access token used in OAuth2.0

Snow user2
Kilo Contributor

Can anyone tell me the basic difference between a refresh token and an access token?

1 ACCEPTED SOLUTION

Sulabh Garg
Kilo Sage

Hello,

Please see the below docs link

 

https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/concept/c_...

Access Token: A secure string that a client uses to access protected resources. An instance issues access tokens to clients that have a valid authorization grant. Each access token has a specific scope, lifespan, and other attributes.

By default, an instance issues access tokens with a 30-minute lifespan in the scenario where the instance is the OAuth provider. For third-party tokens, 30 days.

Refresh Token: A credential that a client uses to obtain new access tokens without requiring additional user authorization. An instance issues a refresh token to a client when it is first authorized to have an access token.

By default, an instance issues refresh tokens with a 100-day lifespan in the scenario where the instance is the OAuth provider. For third-party tokens, 365 days.

Please Mark ✅ Correct/helpful, if applicable, Thanks!!
Regards
Sulabh Garg


2 REPLIES

Paritosh
Giga Expert

Hi,

Refresh tokens are the credentials that can be used to acquire new access tokens.

  • The lifetime of a refresh token is much longer compared to the lifetime of an access token.

  • Refresh tokens can also expire but are quite long-lived.

  • When current access tokens expire or become invalid, the authorization server provides refresh tokens to the client to obtain a new access token.

 

An access token is a string that identifies a user, an application, or a page. The token includes information such as when the token will expire and which app created that token.

  • First, it is necessary to acquire OAuth 2.0 client credentials from the API console.

  • Then, the access token is requested from the authorization server by the client.

  • It gets an access token from the response and sends the token to the API that you wish to access.

 

Please mark this helpful/correct.

Thanks
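
The difference described in the answers above, as an added example that is not part of the original posts or of ServiceNow's code: a constructed in-memory OAuth provider and a client that calls an API with its access token and silently refreshes when the token has expired. `ToyAuthServer`, `call_with_refresh` and the time values are assumptions made for the illustration; the two lifespans are the defaults quoted in the accepted solution, and the refresh request uses the standard `grant_type=refresh_token` form from RFC 6749.

```python
import secrets

ACCESS_TTL = 30 * 60            # 30 minutes, the default lifespan quoted above
REFRESH_TTL = 100 * 24 * 3600   # 100 days, the default lifespan quoted above


class ToyAuthServer:
    """Constructed in-memory stand-in for an OAuth provider (hypothetical)."""

    def __init__(self):
        self.access = {}    # access token  -> expiry time (seconds)
        self.refresh = {}   # refresh token -> expiry time (seconds)

    def _issue_access(self, now):
        token = secrets.token_urlsafe(16)
        self.access[token] = now + ACCESS_TTL
        return token

    def authorize(self, now):
        """First authorization: the user consents and both tokens are issued."""
        refresh = secrets.token_urlsafe(16)
        self.refresh[refresh] = now + REFRESH_TTL
        return {"access_token": self._issue_access(now), "refresh_token": refresh}

    def token(self, form, now):
        """Token endpoint: exchanges a valid refresh token for a new access token."""
        if form.get("grant_type") != "refresh_token":
            return {"error": "unsupported_grant_type"}
        if self.refresh.get(form.get("refresh_token"), 0) <= now:
            return {"error": "invalid_grant"}   # unknown or expired refresh token
        return {"access_token": self._issue_access(now)}

    def api_call(self, access_token, now):
        """Protected resource: accepts only an unexpired access token."""
        return self.access.get(access_token, 0) > now


def call_with_refresh(server, tokens, now):
    """Return "ok", "refreshed", or "reauthorize" (the user must consent again)."""
    if server.api_call(tokens["access_token"], now):
        return "ok"
    reply = server.token({"grant_type": "refresh_token",
                          "refresh_token": tokens["refresh_token"]}, now)
    if "error" in reply:
        return "reauthorize"
    tokens["access_token"] = reply["access_token"]
    return "refreshed"
```

The refresh token is only ever sent to the token endpoint; the protected resource rejects it, which is why a leaked access token is bounded by the short lifespan while the refresh token needs the stronger storage protection.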