The Now Platform® Washington DC release is live. Watch now!
‎07-04-2021 05:19 AM
Can anyone tell me the basic difference between Refresh token and access token.
Solved! Go to Solution.
‎07-04-2021 05:31 AM
Hello,
Please see the below docs link
Access Token | A secure string that a client uses to access protected resources. An instance issues access tokens to clients that have a valid authorization grant. Each access token has a specific scope, lifespan, and other attributes.
By default, an instance issues access tokens with a 30-minute lifespan in the scenario where the instance is the OAuth provider. For third-party tokens, 30 days. |
Refresh Token | A credential that a client uses to obtain new access tokens without requiring additional user authorization. An instance issues a refresh token to a client when it is first authorized to have an access token.
By default, an instance issues refresh tokens with a 100-day lifespan in the scenario where the instance is the OAuth provider. For third-party tokens, 365 days. |
‎07-04-2021 05:31 AM
Hello,
Please see the below docs link
Access Token | A secure string that a client uses to access protected resources. An instance issues access tokens to clients that have a valid authorization grant. Each access token has a specific scope, lifespan, and other attributes.
By default, an instance issues access tokens with a 30-minute lifespan in the scenario where the instance is the OAuth provider. For third-party tokens, 30 days. |
Refresh Token | A credential that a client uses to obtain new access tokens without requiring additional user authorization. An instance issues a refresh token to a client when it is first authorized to have an access token.
By default, an instance issues refresh tokens with a 100-day lifespan in the scenario where the instance is the OAuth provider. For third-party tokens, 365 days. |
‎07-06-2021 04:07 AM
hi,
Refresh tokens are the credentials that can be used to acquire new access tokens.
The lifetime of a refresh token is much longer compared to the lifetime of an access token.
Refresh tokens can also expire but are quiet long-lived.
When current access tokens expire or become invalid, the authorization server provides refresh tokens to the client to obtain new access token.
An access token is a string that identifies a user, an application, or a page. The token includes information such as when the token will expire and which app created that token.
First, it is necessary to acquire OAuth 2.0 client credentials from API console.
Then, the access token is requested from the authorization server by the client.
It gets an access token from the response and sends the token to the API that you wish to access.
Please mark this helpful/correct.
Thanks