article

benjamin-dean avatar image
benjamin-dean Posted · · edited ·

Disabling refresh_token from being generated for /oauth/token requests

There are times when your app or integration with RingCentral may not require the refresh_token as part of the oauth/token request while obtaining an access_token. When your app or integration doesn't require this refresh_token, you can easily disable it by setting the TTL (time to live) for the refresh_token_ttl to zero (0).

Requesting an access_token and generating a refresh_token:

POST /restapi/oauth/token HTTP/1.1
HOST:  https://platform.ringcentral.com
Content-Type: application/x-form-www/urlencoded; charset=utf-8
Authorization: Basic [Base64 Encoded appKey + appSecret]

username=[ringCentralUsername]&password=[ringCentralPassword]&grant_type=password

Response generating a refresh_token:

{   "access_token": "[ACCESS_TOKEN_HIDDEN_FOR_SECURITY_REASONS]",   "token_type": "bearer",   "expires_in": 3599,   "refresh_token": "[REFRESH_TOKEN_HIDDEN_FOR_SECURITY_REASONS]",   "refresh_token_expires_in": 604799,   "scope": "ReadCallLog",   "owner_id": "[RC_OWNER_ID_HIDDEN_FOR_SECURITY_REASONS]" }

Requesting an access_token without generating a refresh_token:

POST /restapi/oauth/token HTTP/1.1
HOST: https://platform.ringcentral.com
Content-Type: application/x-form-www/urlencoded; charset=utf-8
Authorization: Basic [Base64 Encoded appKey + appSecret]

username=[ringCentralUsername]&password=[ringCentralPassword]&refresh_token_ttl=0&grant_type=password

Response without generating a refresh_token:

{   "access_token": "[ACCESS_TOKEN_HIDDEN_FOR_SECURITY_REASONS]",   "token_type": "bearer",   "expires_in": 3599,   "scope": "ReadCallLog",   "owner_id": "[RC_OWNER_ID_HIDDEN_FOR_SECURITY_REASONS]" }

An example use case for not needing the refresh token is for server-to-server applications where you already know the username and password for your application and can simply make a request once per hour to fetch a new token.
topic-default
2 comments
1 |1000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Using this same method can you extend the refresh_token instead of 7 days?
0 Likes 0 · ·
The maximum length of time for our refresh tokens is 604799 seconds currently. If you attempt to set a value higher than this, the default maximum will be set.
0 Likes 0 · ·

Article

Contributors

benjamin-dean contributed to this article