© 2018 Capita Business Services Ltd. All rights reserved.

Capita Education Software Solutions is a trading name of Capita Business Services Ltd. Our Registered office is 30 Berners Street, London, W1T 3LR and our registered number is 02299747. Further information about Capita plc can be found in our legal statement.

Refresh Tokens

A Refresh Token is a special kind of token that can be used to obtain a renewed access token. Care must be exercised with refresh tokens: an application must store them securely, as they can essentially be used to allow a user to remain authenticated forever.

Refresh tokens are supported for the following flows: authorisation code, hybrid and resource owner password credential flow. Clients need to be allowed to request the offline_access scope to get a refresh token.

We support the following client configuration options for refresh tokens:

Refresh Token Usage

  • ReUse
    • the refresh token handle will stay the same when refreshing tokens
  • OneTime
    • the refresh token handle will be updated when refreshing tokens

Refresh Token Expiration

  • Absolute
    • the refresh token will expire at a fixed point in time (specified by the Absolute Refresh Token Lifetime below)
  • Sliding
    • when refreshing the token, the lifetime of the refresh token will be renewed (by the amount specified in Sliding Refresh Token Lifetime below). The lifetime will not exceed the absolute lifetime.

Absolute Refresh Token Lifetime

Maximum lifetime of a refresh token in seconds. The default is 2592000 seconds / 30 days.

Sliding Refresh Token Lifetime

Sliding lifetime of a refresh token in seconds. The default is 1296000 seconds / 15 days.
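The following is an added example, not code from the SIMS ID service or its documentation: a small Python model of how the usage (ReUse / OneTime) and expiration (Absolute / Sliding) options described above interact, using the default lifetimes given on this page. The names `RefreshToken` and `RefreshTokenStore` are hypothetical, and the model assumes that a Sliding token starts out with the sliding lifetime, which the page does not state.

```python
import secrets
from dataclasses import dataclass

ABSOLUTE_LIFETIME = 2592000  # default from the page: 30 days
SLIDING_LIFETIME = 1296000   # default from the page: 15 days

@dataclass(frozen=True)
class RefreshToken:          # hypothetical record, for illustration only
    handle: str
    created: int             # time of the original grant, in seconds
    expires: int             # current expiry, in seconds

class RefreshTokenStore:     # hypothetical model, not the server's code
    def __init__(self, usage="OneTime", expiration="Sliding",
                 absolute=ABSOLUTE_LIFETIME, sliding=SLIDING_LIFETIME):
        self.usage, self.expiration = usage, expiration
        self.absolute, self.sliding = absolute, sliding
        self.tokens = {}

    def issue(self, now):
        # Assumption: a Sliding token starts with the sliding lifetime.
        life = (self.absolute if self.expiration == "Absolute"
                else min(self.sliding, self.absolute))
        tok = RefreshToken(secrets.token_urlsafe(32), now, now + life)
        self.tokens[tok.handle] = tok
        return tok

    def refresh(self, handle, now):
        tok = self.tokens.get(handle)
        if tok is None or now >= tok.expires:
            self.tokens.pop(handle, None)   # drop an expired entry
            raise PermissionError("invalid_grant")
        expires = tok.expires               # Absolute: expiry never moves
        if self.expiration == "Sliding":
            # Renew by the sliding amount, capped at the absolute lifetime.
            expires = min(now + self.sliding, tok.created + self.absolute)
        new_handle = handle                 # ReUse: handle stays the same
        if self.usage == "OneTime":
            # Rotate: the old handle stops working as soon as it is used.
            del self.tokens[handle]
            new_handle = secrets.token_urlsafe(32)
        renewed = RefreshToken(new_handle, tok.created, expires)
        self.tokens[new_handle] = renewed
        return renewed
```

In this model a client configured for OneTime has to persist the handle returned by every refresh, because the one it just sent is no longer accepted.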


 
