WSO2 API Manager Client Credentials renew token

I am trying to renew the token generated through API Manager.

The curl statement to generate the token is:

curl -k -d "grant_type=client_credentials" -H "Authorization: Basic TDQ0SktDZm5DcVVDSVBjdGYwVDIyRWwwUGY4YTo2d19NQm9xYnBFXzRLNHR0Wkc0NXhxd0NMTDRh" -H "Content-Type: application/x-www-form-urlencoded" https://10.108.106.214:8250/token

The response is

"scope":"am_application_scope default","token_type":"bearer","expires_in":1094,"access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"

Based on the documentation, it is supposed to generate a retoken, which is not being generated. What am I missing?

Also, when I pass the grant_type as refresh_token, I get an invalid grant error.

curl -X POST -H "Authorization: Basic TDQ0SktDZm5DcVVDSVBjdGYwVDIyRWwwUGY4YTo2d19NQm9xYnBFXzRLNHR0Wkc0NXhxd0NMTDRh"  -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=refresh_token&refresh_token=6d1d0f8afbd147d24bcd42bbc5361a1' 'https://10.108.106.214:8250/token'

I am referring to the documentation in the URL https://docs.wso2.com/display/AM191/Token+API#TokenAPI-RenewingaccesstokensRenewing

So what am I missing?

Surya asked Oct 19 '22 23:10


1 Answer

According to the OAuth 2.0 Authorization Protocol specification, grant_type client_credentials should not issue a refresh token.

4.4.3. Access Token Response

If the access token request is valid and authorized, the authorization server issues an access token as described in Section 5.1. A refresh token SHOULD NOT be included.

You have to use the Password Grant Type.

Request :

curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic bkxidjNPTnYxQ25iTXBRY2E3V3hPajdaMUVZYTpuTUQzX0tKQkhGRmxFUUlXdllmSjdTUFlleThh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token

Response :

{"scope":"default","token_type":"bearer","expires_in":3247,"refresh_token":"91729a78a96b58d80d869f3ec2ce8b8","access_token":"ec54b39dd9503c9f65df84b67ea586"}

Use the refresh_token to renew access tokens.

Abimaran Kugathasan answered Oct 22 '22 21:10
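
An added example (not part of the original question or answer, and not WSO2 code): a small Python token cache that renews a client_credentials token by repeating the original grant, and uses the refresh_token grant only when the token response actually contained a refresh token. `TokenManager`, `make_fake_endpoint`, the `post` transport and the `at-`/`rt-` token values are hypothetical and constructed so the block runs offline.

```python
import time

class TokenManager:
    """Caches an access token and renews it the way the grant type allows."""

    def __init__(self, post, grant_params, skew=30, clock=time.monotonic):
        self._post = post            # assumed transport: callable(form dict) -> JSON dict
        self._grant = grant_params   # initial grant, e.g. {"grant_type": "client_credentials"}
        self._skew = skew            # renew this many seconds before expiry
        self._clock = clock
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, resp):
        self._access = resp["access_token"]
        # RFC 6749 section 4.4.3: a client_credentials response should carry no refresh_token
        self._refresh = resp.get("refresh_token")
        self._expires_at = self._clock() + resp["expires_in"]

    def token(self):
        if self._access and self._clock() < self._expires_at - self._skew:
            return self._access                      # still valid: reuse
        if self._refresh:                            # only grants that issued one
            resp = self._post({"grant_type": "refresh_token",
                               "refresh_token": self._refresh})
            if "error" not in resp:
                self._store(resp)
                return self._access
            self._refresh = None                     # rejected: fall back to the initial grant
        resp = self._post(self._grant)
        if "error" in resp:
            raise RuntimeError(f"token request failed: {resp['error']}")
        self._store(resp)
        return self._access

def make_fake_endpoint():
    """Constructed stand-in for the /token endpoint; records grant types it receives."""
    calls = []
    def post(form):
        calls.append(form["grant_type"])
        n = len(calls)
        if form["grant_type"] == "refresh_token" and not form["refresh_token"].startswith("rt-"):
            return {"error": "invalid_grant"}        # value is not a refresh token
        body = {"token_type": "bearer", "expires_in": 1094, "access_token": f"at-{n}"}
        if form["grant_type"] != "client_credentials":
            body["refresh_token"] = f"rt-{n}"
        return body
    return post, calls
```

Against a real endpoint, `post` would send the form with the client's Basic credentials over verified TLS and return the parsed JSON body.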