The functionality of the Authorization Code Grant authorization flow is now improved with support for refresh tokens.
Refresh tokens are long-lasting credentials which you can use to fetch additional access tokens. Unlike access tokens, refresh tokens do not expire until you revoke them.
To support token management, the /revoke endpoint now enables you to revoke multiple tokens in a single request. You can use this endpoint to revoke both refresh tokens and access tokens.
Additionally, the /refreshtokens endpoint now enables you to delete numerous refresh tokens by posting a single request. You can also filter the refresh tokens by the client for which they are issued.
Learn more about refresh tokens:
- Read the OAuth2 specification.
- See the Tokens section of OAuth2 service documentation.
- Read the OAuth2 service API console for more detailed information on how to use the /refreshtokens and /revoke endpoints.