Refresh Access Token

Applies to ReadyAPI 3.10, last modified on September 23, 2021

After some period of time, an access token expires. This section describes how to update it automatically. There are two possible ways to update an access token: use refresh token or repeat the process of getting an access token via the consent screen.

Refresh token

When an authorization server issues an access token, it may also issue a refresh token. ReadyAPI stores the refresh token in the project file, so when the access token expires, ReadyAPI can send it to the authorization server to get a new access token.

Currently, you cannot get a refresh token from Google, as ReadyAPI does not support sending the access_type and prompt parameters required for that.
Use the consent screen

In case a refresh token was not issued or it expires, you need to repeat the process of getting an access token. It means you get an access token in the same way you get it in the first time, by using one of the OAuth 2.0 grant types.

Tip: ReadyAPI allows you to simulate the needed actions, so it will be able to get a new access token in unattended mode. To learn more, see Automation Script.

When ReadyAPI refreshes access token

ReadyAPI refreshes access token automatically or manually.

You configure the Refresh Access Token option in the OAuth 2.0 Advanced options dialog. To open it, click Advanced when selecting the OAuth 2.0 profile in the Auth manager or in the Auth panel.

OAuth 2.0 Advanced options: Automatic token update

Click the image to enlarge it.

Automatic update

In the automatic mode, there are two possible scenarious:

  • If there is a refresh token, ReadyAPI simply use it to get a new access token. It happens in the background when you send a request with the expired access token.

  • If there is no refresh token, or if it is expired, ReadyAPI shows the login and consent screens, so you can repeat the process of getting an access token. In case you configured the automation script, ReadyAPI runs it to simulate the needed actions.

Note: Do not confuse the Automatic mode of the Refresh Access Token option and the automation script. The Refresh Access Token option tells ReadyAPI how to refresh an access token, while the automation script simulates the needed actions on the login and consent screens.

Manual update

In the manual mode, you should refresh an access token manually:

  • If there is a refresh token, ReadyAPI shows the Refresh button:

    The Refresh button for the manual refresh access token in the Auth Manager

    Click the image to enlarge it.

    The Refresh button for the manual refresh access token in the Auth panel

    Click the image to enlarge it.

    Click the button to refresh an access token.

    The button is absent if there is no refresh token.

  • You can get a new access token in the same way you do it in the first time, by using the corresponding OAuth 2.0 grant type.

    Tip: If you configure the automation script, ReadyAPI performs the needed actions in the login and consent screens even if you set the Refresh Access Token option to Manual.

See Also

Automation Script
OAuth 2.0 Grant Types
OAuth 2.0 and OAuth 2.0 (Azure)

Highlight search results