name = OAuth Refresh Token Example
$ API_ORIGIN = [[ api_origin = https://api.example.com ]]
oauth api
grant = refresh_token
token_url = [[ token_url = https://login.example.com/oauth/token ]]
client_id = secret.env("HEN_CLIENT_ID")
client_secret = secret.env("HEN_CLIENT_SECRET")
refresh_token = secret.env("HEN_REFRESH_TOKEN")
access_token -> $API_ACCESS_TOKEN
refresh_token -> $LATEST_REFRESH_TOKEN
---
Refresh and load profile
auth = api
GET {{ API_ORIGIN }}/me
* X-Refresh-Token = {{ LATEST_REFRESH_TOKEN }}
^ & status == 200
---
Reuse refreshed token downstream
GET {{ API_ORIGIN }}/audit
> requires: Refresh and load profile
* Authorization = Bearer {{ API_ACCESS_TOKEN }}
^ & status == 200