What is the correct way to request a refresh token?

I'm able to request an access token without issue.

However I cannot use the refresh token to get a new one when it expires.

I get an invalid grant_type error. 

I've tried both with and without an auth header with a bearer token.

And with a OAuth-Token header.

The documentation lists two grant types and I'm using what they define

What am I doing wrong?

  • Hey Rich,

    It looks like you're pretty close, here is what I use within Postman

    {
       "grant_type":"refresh_token",
       "client_id":"sugar",
       "client_secret":"",
       "platform":"{{platform}}",
       "refresh_token": "{{refresh_token}}"
    }

    If you're using Postman here is what I setup within my Scripts tab within the Authorize and Refresh Requests so that it stores the new values into the Environment Variables. This could help with your testing and make your life easier.

    var jsonData = JSON.parse(responseBody);
    var access_token = jsonData.access_token;
    var refresh_token = jsonData.refresh_token;
    
    tests["Successful POST request"] = responseCode.code === 200;
    tests["access_token exists"] = access_token !== null || access_token !== "";
    tests["refresh_token exists"] = refresh_token !== null || refresh_token !== "";
    
    postman.setEnvironmentVariable("access_token", access_token);
    postman.setEnvironmentVariable("refresh_token", refresh_token);
    

    I hope this helps.

  • Awesome, thanks  . I thought I had already tried using similar payload to the access_token, but I guess not.

    For the record this worked (with no Auth headers)

    PS I'm using Bruno - setting up the scripts is on my TODO list :0)

  • Perfect! I figured you had it as you were so close. Also good chances you had it correct at some point as that error appears even if you have it correct but the refresh_token itself wrong.

    Never heard of Bruno but decided to play for a few minutes and wrote you the script to use for fun Slight smile

    Add the access_token and refresh_token Environment Variables first, then in Scripts > Post Response add the following and enjoy! This will help you as you setup your other calls.

    let data = res.getBody();
    bru.setEnvVar ("access_token", data.access_token);
    bru.setEnvVar ("refresh_token", data.refresh_token);

  • It may just be a typo but for the benefit of anyone trying to use your answer, I'm afraid there is a flaw in your logic.

    The condition:

    access_token !== null || access_token !== ""

    will always evaluate to true for any value of access_token (that is: null, "", any postive string value, any integer, any decimal, any boolean etc.). I think you need to use the logical AND, &&, instead of the logical OR, ||, in your conditions in order to have an array entry that indicates whether the token has been received or not.

    access_token !== null && access_token !== ""

    Your script will work as long as you get an access_token (or refresh_token) in the JSON. The problem will start when you are not receiving anything and I would think that is exactly when you don't want it to not work Wink

    EDIT::

    I should have added, for completeness, that you should also test in your condition to ensure that what you are receiving is a String and possibly even that it it the correct length, correct format etc.

    Although this is pretty moot as if it works then you  have it and if not then you don't!! That is a ropey approach though and may well annoy coding purists Slight smile

    Thanks,

    JH.