Configure Refresh Token Exchange with Token Vault
Web, mobile, and native applications can use the refresh token exchange to retrieve an external provider’s access token from Token Vault. Using the external provider’s access token, the application can call the external provider’s API on the user’s behalf.
To use the refresh token exchange with Token Vault, you need to configure your application with the following grant types:
Authorization Code: Enables your application to perform the initial user login, where your application exchanges a temporary authorization code for an Auth0 access token, refresh token, and ID token.
Refresh Token: Enables your application to use a long-lived Auth0 refresh token to request a new Auth0 access token without requiring the user to log in again.
Token Vault: Enables your application to exchange an Auth0 refresh token for an external provider’s access token stored in the Token Vault.
To configure your application for the refresh token exchange:
Navigate to Applications > Applications.
Select the application you want to configure.
Under Advanced Settings > Grant Types, select the Refresh Token, Authorization Code, and Token Vault grant types.
Select Save Changes.

To configure your application for the refresh token exchange with the Management API, make a PATCH call to the Update a Client endpoint to add the refresh_token, authorization_code, and urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token grant types to the client JSON object:
curl --location --request PATCH 'https://{yourDomain}/api/v2/clients/{clientId}' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer <YOUR_MANAGEMENT_API_TOKEN>' \
  --data '{
    "grant_types": [
      "refresh_token",
      "authorization_code",
      "urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token"
    ]
  }'
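Before sending the PATCH, it helps to compare the client's current grant types with the three this page requires. The following is an added example, not Auth0's code: the function names and the sample client object are hypothetical, and it assumes the grant_types array sent in the PATCH becomes the client's complete list, so any grant already enabled must be included in the body to remain enabled.

```python
import json

# Grant types this page says the refresh token exchange with Token Vault needs.
REQUIRED_GRANTS = [
    "refresh_token",
    "authorization_code",
    "urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token",
]


def audit_grant_types(client):
    """Compare a client object's grant_types with the required set."""
    current = client.get("grant_types") or []
    missing = [g for g in REQUIRED_GRANTS if g not in current]
    extra = [g for g in current if g not in REQUIRED_GRANTS]
    return {"missing": missing, "extra": extra, "ready": not missing}


def build_patch_body(client, keep_existing=True):
    """Build the JSON body for the PATCH call.

    Assumption: the grant_types array sent in the PATCH becomes the client's
    full list, so grants already on the client must be included to survive.
    """
    current = client.get("grant_types") or []
    merged = list(current) if keep_existing else []
    for grant in REQUIRED_GRANTS:
        if grant not in merged:
            merged.append(grant)
    return json.dumps({"grant_types": merged}, indent=2)


# Constructed sample: a client object as it might look before the change.
SAMPLE_CLIENT = {
    "name": "example-app",
    "grant_types": ["authorization_code", "implicit", "refresh_token"],
}

if __name__ == "__main__":
    report = audit_grant_types(SAMPLE_CLIENT)
    print("missing:", report["missing"])
    print("review before keeping:", report["extra"])
    print(build_patch_body(SAMPLE_CLIENT))
```

Grants listed under "extra" are ones the refresh token exchange does not need; pass keep_existing=False to build a body with only the three required grant types once you have confirmed the application does not rely on the others.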