Refresh Token

JFrog REST APIs

ft:sourceType
Paligo

Description: Refreshes an existing access token without having to provide the old token. The Refresh Token is the same API endpoint as Create Token, with a specific grant type: refresh_token.

Since: 7.37.9

Security: Requires a valid admin-scoped token.

Usage: POST /access/api/v1/tokens

Authorization: <authorization header value>

Content-Type: application/x-www-form-urlencoded

Produces: application/json (see Create Token)

Note

  • Requires authentication using credentials or an access token.

  • The refresh token must be valid (i.e., must exist and not be expired)

  • The authenticated user must match the user of the access token being refreshed (identified by the refresh token)

Note

Starting from Artifactory version 7.59.5, it is possible to enable a 'grace period' in which you will be able to refresh a token that has expired using the Refresh Token REST API.

To enable it, set the refresh-expiry parameter in your system configuration file with the length of the grace period in seconds.

Sample Usage:

200
{
  "token_id": "<id>"
  "access_token": "<access-token>",
 // optional
  "expires_in": <expiry>,              // optional
  "grant_type": "refresh_token",
  "refresh_token": "<refresh-token>" 
}

This endpoint takes the following parameters:

grant_type

Should be set to refresh_token

refresh_token

The value of refresh token of the access token that needs to be refreshed: <refresh-token>

For all other parameters, see Create Token.

Errors:

  • 400: If the token was created by a different Artifactory instance (and therefore cannot be refreshed)