
[DEMO] OIDC refresh token validity and renewal in VIP Auth Hub


Article ID: 253837


Products

VIP Authentication Hub

Issue/Introduction

This article demonstrates how a refresh_token is rotated when VIP Auth Hub acts as the Authorization Provider.

Environment

Release: 12.8

Resolution

This feature is documented at the following link:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/vip-authentication-hub/2022-Oct/Developer-Information/OAuth-Service.html#concept.dita_19364122-7f99-4c4f-b73d-3d5aa643b9ab_RT1a


The demonstration follows.


1. Obtain a Refresh Token
We call the "/token" endpoint with the scope "offline_access" to get a Refresh Token.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=4EOkd0Mq6T/Kx3lwlCnwAg==

We got "refresh_token": "apuRLPNo0kTWGrXKopnqYUb0tXeoBaNQUHyC"

2. Obtain both a new Access Token and a new Refresh Token using the Refresh Token grant
In the "/token" endpoint request body, enter the value of the Refresh Token obtained above.

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=sIvtsh4YqTOeJXM5Xe6Ilg==
The Refresh Token is updated, i.e. "refresh_token": "O8d230jD03B7GkPIvYJfbOhoWX4YCw98Atmx", with a renewed expires_in value.
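
Client-side handling of the rotation shown in steps 1 and 2, as an added example that is not part of the original article or of the product's own code: each refresh grant replaces the stored Refresh Token with the one returned, and a rejected token forces a new sign-in. The names `http_post`, `TokenStore`, `refresh` and `FakeIssuer` are hypothetical, HTTP Basic client authentication is an assumption, and `FakeIssuer` is a constructed offline stand-in for the "/token" endpoint.

```python
import base64, json, time
import urllib.error, urllib.parse, urllib.request

class ReauthRequired(Exception):
    """The refresh token was rejected; a new sign-in is needed."""

def http_post(token_url, client_id, client_secret, form):
    """Real transport: form POST to /token, HTTP Basic client auth (assumed)."""
    cred = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        token_url, data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": "Basic " + cred})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # OAuth errors come back as a JSON body

class TokenStore:
    def __init__(self, refresh_token):
        self.refresh_token, self.access_token, self.expires_at = refresh_token, None, 0.0

def refresh(store, post, now=time.time):
    """Run one refresh_token grant via post(form) and apply rotation."""
    body = post({"grant_type": "refresh_token",
                 "refresh_token": store.refresh_token})
    if "error" in body:
        store.refresh_token = None  # never retry a rejected token
        raise ReauthRequired(body["error"])
    store.access_token = body["access_token"]
    store.expires_at = now() + int(body["expires_in"])
    # Rotation: a returned refresh_token replaces the stored one.
    store.refresh_token = body.get("refresh_token", store.refresh_token)
    return store

class FakeIssuer:
    """Constructed offline stand-in for /token; rejecting a superseded
    token is an assumption, not behaviour confirmed by the article."""
    def __init__(self, first):
        self.current, self.n = first, 0
    def __call__(self, form):
        if form.get("refresh_token") != self.current:
            return {"error": "invalid_grant"}
        self.n += 1
        self.current = f"constructed-rt-{self.n}"
        return {"access_token": f"constructed-at-{self.n}",
                "refresh_token": self.current, "expires_in": 3600}
```

Against a real deployment, pass `functools.partial(http_post, token_url, client_id, client_secret)` as `post`, and persist the new Refresh Token before using the new Access Token so a crash does not leave only the superseded value on disk.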