Аутентификация через refresh token¶
По истечении срока жизни «access_token» необходимо обменять полученный ранее «refresh_token» на новую пару токенов.
Для этого необходимо передать следующие параметры:
- grant_type = refresh_token;
- refresh_token =
<refresh_token>; - client_id =
<client_id>.
Пример запроса на аутентификацию через «refresh_token»:
POST http://<gateway-host>/api/auth
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&client_id=dh-client&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjZmQ1YTI0Ni1lMjU3LTQ0ZDktOWMyYi04Yjc4ZDFkNTdiNzEifQ.eyJleHAiOjE2Njg2NTgyNjYsImlhdCI6MTY2ODY1NjQ2NiwianRpIjoiZGVmMThlZGQtNjdmMi00ZmE0LTg1NGMtNjg2Y2ZhMzcxNWRlIiwiaXNzIjoiaHR0cDovLzE3Mi4yOS43My41OTo4MDgwL3JlYWxtcy9ESCIsImF1ZCI6Imh0dHA6Ly8xNzIuMjkuNzMuNTk6ODA4MC9yZWFsbXMvREgiLCJzdWIiOiIwMzg5MGE4Yy01ZGJkLTQyN2YtOWFhMi1hNGZjZTdkYzg2ZDYiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiZGgtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImYxYTlkNTM2LThlMDctNDYzNi04MmE0LWM3MGJhMDI0YTIxZSIsInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsInNpZCI6ImYxYTlkNTM2LThlMDctNDYzNi04MmE0LWM3MGJhMDI0YTIxZSJ9.5TNWiE6xaPPTkhv8IV7IzO9OWQ004D0uMw99iTnhAhY
Пример ответа:
HTTP/1.1 200 OK
Referrer-Policy: no-referrer
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-store
X-Content-Type-Options: nosniff
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Content-Type: application/json
content-length: 2273
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJmYjd1a0R3WUpGYV9MOEVoNmZSSVBMM1Zlam1yNGNyRmtBcWFKMVlPTlA4In0.eyJleHAiOjE2Njg2NTg3MzEsImlhdCI6MTY2ODY1NjkzMSwianRpIjoiODczMTBiYzItZWFlYi00MDZjLTlmYTYtYWIzNjU3NjQ5MDdlIiwiaXNzIjoiaHR0cDovLzE3Mi4yOS43My41OTo4MDgwL3JlYWxtcy9ESCIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIwMzg5MGE4Yy01ZGJkLTQyN2YtOWFhMi1hNGZjZTdkYzg2ZDYiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJkaC1jbGllbnQiLCJzZXNzaW9uX3N0YXRlIjoiNDhhYzI4NTYtMWZmMS00N2FkLThlZmUtYWU4Y2Y5NWFhZGU2IiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLWRoIiwiUk9MRV9VU0VSIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImRoLWNsaWVudCI6eyJyb2xlcyI6WyJ1bWFfcHJvdGVjdGlvbiIsImRoLWFkbWluIiwiZGgtdXNlciJdfSwiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJwcm9maWxlIGVtYWlsIiwic2lkIjoiNDhhYzI4NTYtMWZmMS00N2FkLThlZmUtYWU4Y2Y5NWFhZGU2IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJncm91cHMiOlsiL2dyLXVzZXJzL2RoLXBvd2VyLXVzZXJzIl0sInByZWZlcnJlZF91c2VybmFtZSI6ImRoLXVzZXIiLCJnaXZlbl9uYW1lIjoiIiwiZmFtaWx5X25hbWUiOiIifQ.N8AS-mTfCGVYfqk0SkKzBiYsFrt9T49tQkTWZ9fGv9p4YL3lhikXYPHQX5lCfVB7gLFj0SSdqQYkHi_-qbNvz8sif2pQoLIt_APwxcNmznfE0NIUezx-4ShZiRANvM_xJBPDu4bcWVLzon6zek6o13t5YaE3ln4KWnzAfFdWHy7HQqJ9Tl4Dbi7sOOShOJKjirluCl4TJP2dSmD3SUUKSZLX1uQMU0n9u_A3l9vYm2vT-7YwmUkAeCmCEF8nESWxDufoVu2xiCFbTi3Gx8wU59vKD8EnxiBJ-qHP9xkdZMTXPXZaxb9ouY093bVFwGJjl6J1TuHlwJkX3LKG8-9a1g",
"expires_in": 1800,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjZmQ1YTI0Ni1lMjU3LTQ0ZDktOWMyYi04Yjc4ZDFkNTdiNzEifQ.eyJleHAiOjE2Njg2NTg3MzEsImlhdCI6MTY2ODY1NjkzMSwianRpIjoiOTFjZTIwZTYtMzZlZS00MzY3LWI3OWMtM2FiODhmMzM5OGEwIiwiaXNzIjoiaHR0cDovLzE3Mi4yOS43My41OTo4MDgwL3JlYWxtcy9ESCIsImF1ZCI6Imh0dHA6Ly8xNzIuMjkuNzMuNTk6ODA4MC9yZWFsbXMvREgiLCJzdWIiOiIwMzg5MGE4Yy01ZGJkLTQyN2YtOWFhMi1hNGZjZTdkYzg2ZDYiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiZGgtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjQ4YWMyODU2LTFmZjEtNDdhZC04ZWZlLWFlOGNmOTVhYWRlNiIsInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsInNpZCI6IjQ4YWMyODU2LTFmZjEtNDdhZC04ZWZlLWFlOGNmOTVhYWRlNiJ9.Tx0mVSQFNLMx3wbwck-gWZNT0KFa3H_CQFC-jthpMCQ",
"token_type": "Bearer",
"not-before-policy": 0,
"session_state": "48ac2856-1ff1-47ad-8efe-ae8cf95aade6",
"scope": "profile email"
}