Refresh Token Code Example OAuth 2.0

Use Refresh Token to get new access token when your current access token expires..

To use Refresh Token:

  1. Submit a HTTPS POST request to: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token The tenant_id format: xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx.
    Parameter Name Value
    grant_type refresh_token
    client_id <registered client_id>
    refresh_token

    To obtain it, see: Authorization Code Defined Example OAuth

    2.0

    Parameter Name Value
    scope

    <registered client_id>/.default openid offline_access

    The offline_access parameter must be added to the scope on the initial authorization request to be valid on the refresh_token grant.

    The Response generates an AzureBearerBody Token used in conjunction with the API X-CSRF-TOKEN access token.

  2. Submit an HTTPS GET request to get a token.

    Send an HTTP request (GET-request) to: http://hostname:port/insight/api/v2/token The body of the JSON response includes the following with the current session ID.

    { "xAuthToken": "F6A8C5D3B1C2EC9A37DF380C7EB5A9C5" }

    The response header contains the following values:

    Parameter Name Value
    X-CSRF-HEADER X-CSRF-TOKEN
    X-CSRF-PARAM _csrf
    X-CSRF-TOKEN 40d67d97-fb28-4a78-a111-5bae0ee706bb
  3. Use that xAuthToken as JSESSIONID for cookies and X-CSRF-TOKEN to start user session.
  4. Send a login POST-request to pass authentication using the same session (set JSESSIONID):
    Parameter Name Value
    URI: http://hostname:port/insight/api/v2/login
    Request header values:
    Content-Type: "application/json"
    X-CSRF-TOKEN: 40d67d97-fb28-4a78-a111-5bae0ee706bb. This value is retrieved as a result of the previous request. (http:// hostname:port/insight/api/v2/token)
    Cookie:

    JSESSIONID=F6A8C5D3B1C2EC9A37DF380C7EB5A9C5.

    This value is retrieved from XAuthToken form as a result of the step 2.
    Request body (raw):

    {"access_token":"<obtained_access_token>", "refresh_token":"<obtained_refresh_token>",

    "token_type":"Bearer"}

    This is the Azure Generated Authorization Token gathered in steps 1 and 2.

    After successful logon, the application creates a new session and a new token to use in subsequent API calls. The response header contains the following values:

    Parameter Name Values
    X-CSRF-HEADER X-CSRF-TOKEN
    X-CSRF-PARAM _csrf
    X-CSRF-TOKEN 40d67d97-fb28-4a78-a111-5bae0ee706bb
  5. Make an API call with your new token.

All subsequent REST API POST-requests (read/create/create-or-update/delete for a specific entity) are sent through "/api/v2" URI (example: http://hostname:port/insight/api/v2/event/46098/delete) with the following attributes:

Parameter Name Value
Request header values:
Content-Type: "application/json"
X-CSRF-TOKEN: 40d67d97-fb28-4a78-a111-5bae0ee706bb
Cookie:

JSESSIONID=F6A8C5D3B1C2EC9A37DF380C7EB5A9C5.

This value is retrieved from XAuthToken form as a result of the step 2.
Request body: JSON object for the specific entity.

Instead of X-CSRF-TOKEN header, you can use the "_csrf" param.