UA Part 12: Discovery and Global Services

The RefreshToken Method is used to request an AccessToken from an AuthorizationService using a cached RefreshToken.

The CurrentRefreshToken shall only be accepted if the ClientCertificate used to create the SecureChannel is the same as the ClientCertificate used when the FinishRequestToken Method returned the original RefeshToken.

This Method shall be called from an encrypted SecureChannel and from a Client that has access to the AccessTokenRequestor Privilege (see 9.2).

Signature

RefreshToken (

[in] String ResourceId

[in] String CurrentRefreshToken

[out] String AccessToken

[out] DateTime AccessTokenExpiryTime

[out] String NewRefreshToken

[out] DateTime NewRefreshTokenExpiryTime

);

Argument	Description
ResourceId	The identifier for the Resource that the AccessToken is used to access. This is usually the ApplicationUri for a Server.
CurrentRefreshToken	The RefreshToken previously returned by the AuthorizationService.
AccessToken	The AccessToken granted to the application.
AccessTokenExpiryTime	When the AccessToken expires. If the ExpiryTime is not known the AuthorizationServer shall provide a suitable non-null value.
NewRefreshToken	A token that can be cached and used to request a new AccessToken. It replaces the RefreshToken that was provided in the Request. If null or empty the current RefreshToken can be used again.
NewRefreshTokenExpiryTime	When the RefreshToken expires. If the ExpiryTime is not known the AuthorizationServer shall provide a suitable non-null value.

Method Result Codes (defined in Call Service)

Result Code	Description
Bad_IdentityTokenRejected	The RefreshToken was rejected.
Bad_NotFound	The ResourceId is not known to the Server.
Bad_UserAccessDenied	The current user does not have the rights required.
Bad_SecurityModeInsufficient	The SecureChannel is not encrypted.

Table 148 specifies the AddressSpace representation for the RequestAccessToken Method.

Table 152 – RefreshToken Method AddressSpace Definition