Refresh Access Token

Applies to ReadyAPI 3.42.1, last modified on November 28, 2022

After some period of time, an access token expires. This topic describes how to update it.

Basics

There are two possible ways to update an access token: use refresh token or repeat the process of getting an access token via the consent screen.

Refresh token

When an authorization server issues an access token, it may also issue a refresh token. ReadyAPI stores the refresh token in the project file, so when the access token expires, ReadyAPI can send it to the authorization server to get a new access token.

Currently, you cannot get a refresh token from Google, as ReadyAPI does not support sending the access_type and prompt parameters required for that.
Consent screen

In case a refresh token was not issued or it expires, you need to repeat the process of getting an access token. It means you get an access token in the same way you get it in the first time, by using one of the OAuth 2.0 grant types.

Tip: ReadyAPI allows you to simulate the needed actions, so it will be able to get a new access token in unattended mode. To learn more, see Automation Script.

Process overview

The process of updating an access token in ReadyAPI depends on several aspects:

  • Whether the Refresh Access Token option is set to Automatic or Manual.

  • Whether there is a valid refresh token.

  • Whether the automation script is configured.

Refresh Access Token
Automatic Manual
Refresh token exist ReadyAPI automatically updates the access token using the refresh token. You need to click Refresh to update the access token using the refresh token.
There is no valid refresh token ReadyAPI opens the consent screen. You need to repeat the process of getting an access token. You need to open the Get Access Token and repeat the process of getting an access token.

In both cases, if there is a configured automation script, ReadyAPI uses it to simulate interaction with the consent screen.

Below, we describe each of these scenarios in detail.

When does ReadyAPI start refreshing an access token?

There are two possible ways to trigger the process of the access token update:

  • In Automatic mode - ReadyAPI starts the process once the access token expires. This is the default behavior.
  • In Manual mode - you need to start the process manually.
  1. Click Advanced when selecting the OAuth 2.0 profile in the Auth manager or in the Auth panel.

  2. Set the needed mode in the Refresh Access Token option:

    OAuth 2.0 Advanced options: Automatic token update

    Click the image to enlarge it.

Automatic mode

Use a refresh token

If there is a refresh token, ReadyAPI simply use it to get a new access token. It happens in the background when you send a request with the expired access token.

Get a new access token

If there is no refresh token, or if it is expired, ReadyAPI shows the login and consent screens. In case you configured the automation script, ReadyAPI runs it to simulate the needed actions. Otherwise, you need to manually go through the login and consent screens to get an access token.

Note: Do not confuse the Automatic mode of the Refresh Access Token option and the automation script. The Refresh Access Token option tells ReadyAPI when to trigger an access token update, while the automation script simulates the needed actions on the login and consent screens.

Manual mode

Use a refresh token

If there is a refresh token, ReadyAPI shows the Refresh button:

The Refresh button for the manual refresh access token in the Auth Manager

Click the image to enlarge it.

The Refresh button for the manual refresh access token in the Auth panel

Click the image to enlarge it.

Click the button to refresh an access token.

The button is absent if there is no refresh token.

Get a new access token

You can get a new access token in the same way you do it in the first time, by using the corresponding OAuth 2.0 grant type.

Tip: If you configure the automation script, ReadyAPI performs the needed actions in the login and consent screens even if you set the Refresh Access Token option to Manual.

See Also

Automation Script
OAuth 2.0 Grant Types
OAuth 2.0 and OAuth 2.0 (Azure)

Highlight search results