Refresh Token

A refresh token is issued along with the access token in the Authorization Code Grant and the Resource Owner Password Credentials Grant. Also, for maximum security, a new refresh token is issued every time the old refresh token is used to renew an access token. The token service is responsible for issuing the refresh token along with the access token. This service is used to manage refresh tokens: for example, to list all active refresh tokens, delete/revoke a refresh token, or retrieve all information about one particular refresh token.

This service listens on port 6886.

Here is the specification:

swagger: '2.0'

info:
  version: "1.0.0"
  title: OAuth2 Refresh Token Management
  description: OAuth2 refresh token management microservices endpoints. 
  contact:
    email: [email protected]
  license:
    name: "Apache 2.0"
    url: "http://www.apache.org/licenses/LICENSE-2.0.html"
host: oauth2.networknt.com
schemes:
  - http
  - https

consumes:
  - application/json
produces:
  - application/json

paths:
  /oauth2/refresh_token:
    get:
      description: Return all refresh tokens
      operationId: getAllRefreshToken
      parameters:
      - name: "page"
        in: "query"
        description: "Page number"
        required: true
        type: "integer"
        format: "int32"
      - name: "pageSize"
        in: "query"
        description: "Page size"
        required: false
        type: "integer"
        format: "int32"
      - name: "userId"
        in: "query"
        description: "Partial userId for filter"
        required: false
        type: "string"
      responses:
        200:
          description: "successful operation"
          schema:
            type: "array"
            items:
              $ref: "#/definitions/RefreshToken"
      security:
      - refresh_token_auth:
        - "oauth.refresh_token.r"
          
  /oauth2/refresh_token/{refreshToken}:
    delete:
      description: Delete a refresh token
      operationId: deleteRefreshToken
      parameters:
      - name: "refreshToken"
        in: "path"
        description: "Refresh Token"
        required: true
        type: "string"
      responses:
        400:
          description: "Invalid refresh token supplied"
        404:
          description: "Refresh token not found"
      security:
        - refresh_token_auth:
          - oauth.refresh_token.w
    get:
      description: Get a refresh token
      operationId: getRefreshToken
      parameters:
      - name: "refreshToken"
        in: "path"
        description: "Refresh token"
        required: true
        type: "string"
      responses:
        200: 
          description: Successful response
          schema:
            $ref: "#/definitions/RefreshToken"          
        400:
          description: "Invalid refresh token supplied"
        404:
          description: "Refresh token not found"
      security:
        - refresh_token_auth:
          - oauth.refresh_token.r
          - oauth.refresh_token.w

securityDefinitions:
  refresh_token_auth:
    type: "oauth2"
    authorizationUrl: "http://localhost:8888/oauth2/code"
    flow: "implicit"
    scopes:
      oauth.refresh_token.w: "write oauth refresh token"
      oauth.refresh_token.r: "read oauth refresh token"
definitions:
  RefreshToken:
    type: "object"
    required:
    - "refreshToken"
    - "userId"
    - "clientId"
    properties:
      refreshToken:
        type: "string"
        description: "refresh token"
      userId:
        type: "string"
        description: "user id"
      clientId:
        type: "string"
        description: "client id"
      scope:
        type: "string"
        description: "service scopes separated by space"

/oauth2/refresh_token@get

This endpoint returns all issued refresh tokens, optionally filtered by userId and sorted by userId. The page query parameter is mandatory; pageSize and the userId filter are optional.

  • page

Page number which must be specified. It starts with 1 and an empty list will be returned if the page is greater than the last page.

  • pageSize

The default pageSize is 10, and you can override it with another number. Please don’t use a large number, for performance reasons.

  • userId

This is the only filter available, and it matches on the leading characters of the userId. For example, “userId=abc” matches any userId that starts with “abc”. The result is also sorted by userId in the pagination.

The following validation will be performed in the service.

  • If page is missing from the query parameters, an error will be returned.
  "ERR11000": {
    "statusCode": 400,
    "code": "ERR11000",
    "message": "VALIDATOR_REQUEST_PARAMETER_QUERY_MISSING",
    "description": "Query parameter '%s' is required on path '%s' but not found in request."
  }

/oauth2/refresh_token/{refreshToken}@delete

This endpoint is used to revoke a refresh token. Calling it removes the refresh token from the in-memory data grid. On the user interface, please make sure the operator confirms the action before submitting the request to the service.

Before the refresh token is deleted, the following validation will be performed.

  • If the refresh token doesn’t exist in memory, then the following error will be returned.
  "ERR12029": {
    "statusCode": 404,
    "code": "ERR12029",
    "message": "REFRESH_TOKEN_NOT_FOUND",
    "description": "Refresh token %s is not found."
  }
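
The listing and revocation contract described above, as an added example that is not light-oauth2 code: it revokes every refresh token of one user, for instance after an account compromise. RefreshTokenStore and revoke_user are hypothetical names, the store is an in-memory stand-in for the service, the token values are constructed, and returning None from a successful delete is an assumption because the specification documents no success response.

```python
# Added example: in-memory model of the documented contract, not light-oauth2 code.
ERR11000 = {"statusCode": 400, "code": "ERR11000",
            "message": "VALIDATOR_REQUEST_PARAMETER_QUERY_MISSING"}
ERR12029 = {"statusCode": 404, "code": "ERR12029",
            "message": "REFRESH_TOKEN_NOT_FOUND"}


class RefreshTokenStore:
    """Stand-in for the refresh token service (hypothetical class name)."""

    def __init__(self, tokens):
        self.tokens = {t["refreshToken"]: t for t in tokens}

    def list(self, page=None, page_size=10, user_id=""):
        # GET /oauth2/refresh_token: page is mandatory and starts at 1.
        if page is None:
            return 400, ERR11000
        rows = sorted((t for t in self.tokens.values()
                       if t["userId"].startswith(user_id)),
                      key=lambda t: t["userId"])
        start = (page - 1) * page_size
        return 200, rows[start:start + page_size]  # past the last page: []

    def delete(self, refresh_token):
        # DELETE /oauth2/refresh_token/{refreshToken}
        # Assumption: None on success; the spec only documents 400 and 404.
        if self.tokens.pop(refresh_token, None) is None:
            return ERR12029
        return None


def revoke_user(store, user_id, page_size=10):
    """Revoke every refresh token owned by exactly user_id; return the count."""
    to_revoke, page = [], 1
    while True:
        status, rows = store.list(page=page, page_size=page_size, user_id=user_id)
        if status != 200 or not rows:
            break
        # userId is a prefix filter, so "alice" also matches "alice2": re-check.
        to_revoke += [t["refreshToken"] for t in rows if t["userId"] == user_id]
        page += 1
    # Delete only after paging is done; deleting mid-scan shifts later pages.
    return sum(store.delete(tok) is None for tok in to_revoke)


# Constructed sample data: 12 tokens for alice, 3 for alice2, 2 for bob.
SAMPLE = [{"refreshToken": f"rt-{i}", "userId": u, "clientId": "c1", "scope": "s"}
          for i, u in enumerate(["alice"] * 12 + ["alice2"] * 3 + ["bob"] * 2)]
```

Collecting the tokens first and deleting afterwards matters: removing rows while still paging would move later tokens onto pages already read, and they would be skipped.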

/oauth2/refresh_token/{refreshToken}@get

This endpoint returns the information for a particular refresh token. The server will perform the following validations before the refresh token object is returned to the consumer.

  • If the refresh token doesn’t exist in the cache, then the following error will be returned.
  "ERR12029": {
    "statusCode": 404,
    "code": "ERR12029",
    "message": "REFRESH_TOKEN_NOT_FOUND",
    "description": "Refresh token %s is not found."
  }
“Refresh Token” was last updated: April 2, 2019: fixes #62 add Chinese language for the document site (5c820aa)