...
Refresh token must be valid and not revoked
User must be active and not black-listed
For a confidant person, the relationship must be validated on each refresh
Specification
Apiary: https://uaehealthapi.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/oauth/use-refresh-token-for-access-token-extension
Validations
Authorization
Verify the validity of the refresh token
in case of error - return 401 (“Invalid access token”)
Verify that token is not expired
in case of error - return 401 (“Token expired.”)
...
Get person_id from user_id and applicant_person_id from applicant_user_id
Check the relationship between person_id and applicant_person_id using the Relationship between Confidant Patient and Related Patient validation algorithm (/wiki/spaces/PCAB/pages/17415995422)
...
Generate a new access_token according to the logic described in Exchange oAuth Code Grant to Access Token (/wiki/spaces/PCAB/pages/17452269702)
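The order of the checks above, as an added example that is not part of this specification or the service's own code. It shows that a confidant session stops refreshing as soon as the relationship is removed. Assumptions: the in-memory stores and their field names, the set lookup standing in for the relationship validation algorithm, the random string standing in for access_token generation, and the status and message used for a blocked user or failed relationship check (this page does not state them).

```python
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class RefreshToken:
    user_id: str
    applicant_user_id: Optional[str]  # assumption: set only for confidant sessions
    expires_at: int                   # unix seconds
    revoked: bool = False

# Constructed sample data (hypothetical stores, not the service's schema).
TOKENS = {
    "rt-self": RefreshToken("u1", None, 2000),
    "rt-conf": RefreshToken("u2", "u3", 2000),
    "rt-old": RefreshToken("u1", None, 500),
    "rt-revoked": RefreshToken("u1", None, 2000, revoked=True),
}
USERS = {
    "u1": {"person_id": "p1", "active": True, "blacklisted": False},
    "u2": {"person_id": "p2", "active": True, "blacklisted": False},
    "u3": {"person_id": "p3", "active": True, "blacklisted": False},
}
# Stand-in for the relationship validation algorithm: valid
# (person_id, applicant_person_id) pairs.
RELATIONSHIPS = {("p2", "p3")}

def refresh(token_value: str, now: int):
    """Return (status, body) for one refresh request."""
    tok = TOKENS.get(token_value)
    if tok is None or tok.revoked:
        return 401, "Invalid access token"
    if tok.expires_at <= now:
        return 401, "Token expired."
    user = USERS.get(tok.user_id)
    if user is None or not user["active"] or user["blacklisted"]:
        return 401, "User is not allowed"  # assumption: not stated on this page
    if tok.applicant_user_id is not None:
        applicant = USERS.get(tok.applicant_user_id)
        pair = (user["person_id"], applicant and applicant["person_id"])
        # Re-evaluated on every refresh, never cached from the first login.
        if pair not in RELATIONSHIPS:
            return 401, "Relationship is not valid"  # assumption, as above
    return 200, secrets.token_urlsafe(32)  # placeholder for access_token generation
```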