
Refreshing expired access tokens

NB: This is a draft specification!

Refresh tokens can be issued to enable sessions to last longer than the validity period of an access token. To obtain a refresh token, the app should include the online_access scope in the authorization token request. The app can use the expires_in field from the token response (see step 11) to determine when its access token will expire. After an access token expires, the app requests a new access token by providing its refresh token to the ZorgDomein token endpoint. An HTTP POST request is made to the authorization server’s token URL, with content-type application/x-www-form-urlencoded. The following request parameters must be included:

  • grant_type – Fixed value: refresh_token.
  • refresh_token – The refresh token from a prior authorization response.

Example POST request:

POST /api/oauth/token HTTP/1.1
Host: www.zorgdomein.nl
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
&refresh_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJjbGllbnRfaWQiOiJteXNtYXJ0YXBwaWQiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIHBob25lIGxhdW5jaC9wYXRpZW50IGxhdW5jaC96ZG51bWJlciBwYXRpZW50L0FwcG9pbnRtZW50LndyaXRlIG9ubGluZV9hY2Nlc3MiLCJ1c2VyIjoiMWFmMjE2ZTQtNjFjYy00ZmE0LWJhOTMtYzE3MDhhZTVmNmUwIiwicGF0aWVudCI6IjliZTA3NDA4LWUyMDYtNGQ1Zi05YmRjLTcwMjRjMTg3NzY5YiIsInpkbnVtYmVyIjoiWkQxMjM0NTY3OCIsImlhdCI6MTU3MTMyNTg2M30.vc5rOoaRWS3wqzTG_UcEG1LGl1MKVHCmpMtAmumnYbA
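
The refresh flow above as a small client-side sketch. This is an added example, not ZorgDomein code: TokenSession, build_refresh_request, http_send, skew, send and clock are hypothetical names. It assumes the token response is JSON carrying access_token and expires_in, and that a refresh response without a refresh_token leaves the current one valid.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://www.zorgdomein.nl/api/oauth/token"  # host and path from the example request


def build_refresh_request(refresh_token):
    """Return (headers, body) for the refresh POST described above."""
    body = urllib.parse.urlencode(
        {"grant_type": "refresh_token", "refresh_token": refresh_token}
    ).encode("ascii")
    return {"Content-Type": "application/x-www-form-urlencoded"}, body


def http_send(headers, body):
    """Default transport: POST to the token endpoint and parse the JSON reply."""
    req = urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenSession:
    """Holds the current tokens and refreshes the access token once it expires."""

    def __init__(self, token_response, send=http_send, clock=time.monotonic, skew=30):
        self._send, self._clock, self._skew = send, clock, skew
        self.refresh_token = None
        self._store(token_response)

    def _store(self, resp):
        self.access_token = resp["access_token"]
        # expires_in is a lifetime in seconds, so anchor it to the local clock now.
        self._expires_at = self._clock() + int(resp["expires_in"])
        # Assumption: a reply without refresh_token means the current one stays valid.
        self.refresh_token = resp.get("refresh_token", self.refresh_token)

    def expired(self):
        # Treat the token as expired `skew` seconds early to absorb network latency.
        return self._clock() >= self._expires_at - self._skew

    def get_access_token(self):
        if self.expired():
            if not self.refresh_token:
                raise RuntimeError("no refresh token: was online_access requested?")
            self._store(self._send(*build_refresh_request(self.refresh_token)))
        return self.access_token
```

Tokens travel in the form-encoded body, never in the URL, and should be kept out of application logs.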