Back to top
Home / Knox Cloud Authentication / Knox OAuth2 Authentication / Authorization code flow (3-legged OAuth2) /

Step 4 — Refresh access token

Last updated December 21st, 2023

You may use the refresh token obtained in “Step 3” to get another access token to call Knox web services.

Knox Authorization Server also issues a new refresh token as a result of this request (old refresh token is discarded).

When the access token expires, you can request a new access token using the current refresh token:

curl 
--location 'https://api.samsungknox.com/ams/v1/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id={OAUTH2_CLIENT_ID}' \
--data-urlencode 'client_secret={OAUTH2_CLIENT_SECRET}' \
--data-urlencode 'refresh_token={CURRENT_REFRESH_TOKEN}'

You receive a refreshed access token and a refresh token in the below format:

{ 
  "access_token": "eyJraWQiOiIzYjkwNjAxMSPYLQnMi9A", 
  "refresh_token": "Aj5OaUNYQ9MZ02Fc2MXZLNDvc", 
  "scope": "ke", 
  "token_type": "Bearer", 
  "expires_in": 599 
}

Make sure to store the new refresh token for future use.

Revoke access token

If you no longer require access to customer’s resources, you can revoke your access/refresh tokens (for more details, please refer to Knox OAuth2 Authorization Server API).

Example:

curl 
--location 'https://api.samsungknox.com/ams/v1/oauth2/revoke' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=z3w55213y2' \
--data-urlencode 'client_secret=Cy2GFPJBfGHvc5DfBctlXNfBZH8AfVbD' \
--data-urlencode 'token=X1JYJfxRzKlnKmEGqAsYBdBMDtYJZ'

Is this page helpful?