Refresh Token

JFrog REST APIs

Content Type
REST API
ft:sourceType
Paligo

Description: Refreshes an existing access token without having to provide the old token. The Refresh Token is the same API endpoint as Create Token, with a specific grant type: refresh_token.

Since: 7.37.9

Security: Requires a valid token.

Usage: POST /access/api/v1/tokens

Authorization: <authorization header value>

Content-Type: application/x-www-form-urlencoded and application/json

Produces: application/json (see Create Token)

Note

  • The authenticated user must match the user of the access token being refreshed (identified by the refresh token)

  • Starting from Artifactory version 7.59.5, it is possible to enable a grace period in which you will be able to refresh a token that has expired using the Refresh Token REST API.

    To enable it, set the refresh-expiry parameter in your system configuration file with the length of the grace period in seconds.

Sample Usage:

curl -H "Authorization: Bearer <valid access token>" -XPOST "http://localhost:8082/access/api/v1/tokens" -d "grant_type=refresh_token" -d "refresh_token=<refresh-token>" 

200
{
  "token_id": "<id>"
  "access_token": "<access-token>",
  "expires_in": <expiry>,         // optional
  "grant_type": "refresh_token",
  "refresh_token": "<refresh-token>" 
}

This endpoint takes the following parameters.

grant_type

Should be set to refresh_token

refresh_token

The value of refresh token of the access token that needs to be refreshed: <refresh-token>

For all other parameters, see see Create Token.

Errors:

  • 400: If the token was created by a different Artifactory instance (and therefore cannot be refreshed)