Access tokens carry the necessary information to access a resource directly. In other words, when a client passes an access token to a server managing a resource, that server can use the information contained in the token to decide whether the client is authorized or not. Access tokens usually have an expiration date and are short-lived.
Refresh tokens carry the information necessary to get a new access token. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authentication server. Common use cases include getting new access tokens after old ones have expired, or getting access to a new resource for the first time. Refresh tokens can also expire but are rather long-lived.
The idea of refresh tokens is that if an access token is compromised, because it is short-lived, the attacker has a limited window in which to abuse it.
VMware Cloud on AWS
You may replace the below refresh token with your token and use the rest as is :
Json querier required in step 3 : https://stedolan.github.io/jq/download/
Windows (Native with build 17063 and later) :
$REFRESH_TOKEN="YOUR-TOKEN-HERE" $RESULTS=$(curl.exe -s -X POST "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token=$REFRESH_TOKEN") $AUTH_TOKEN=$(echo $RESULTS | jq-win64.exe -r .access_token) curl.exe -H "csp-auth-token: $AUTH_TOKEN" <URL>
OR
Download Git for windows: https://git-scm.com/downloads
Linux :
REFRESH_TOKEN="YOUR-TOKEN-HERE" RESULTS=$(curl -s -X POST "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token=$REFRESH_TOKEN") AUTH_TOKEN=$(echo $RESULTS | jq -r .access_token) curl -H "csp-auth-token: $AUTH_TOKEN" <URL>
EXAMPLE :
1) Generating a Refresh Token :
Sample usage :