...

  1. Refresh token must be valid and not revoked

  2. User must be active and not black-listed

  3. For a confidant person, the relationship must be validated on each refresh

Specification

https://uaehealthapi.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/oauth/use-refresh-token-for-access-token-extension (Apiary)

Validations

Authorization

  • Verify the validity of the refresh token

    • in case of error - return 401 (“Invalid access token”)

  • Verify that token is not expired

    • in case of error - return 401 (“Token expired.”)
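The checks listed above, in order, as an added example that is not part of the original specification or the project's code. The record shapes, the in-memory stores and the status and messages for the user and confidant checks are assumptions; only the two 401 messages for validity and expiry come from this page.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class RefreshToken:              # hypothetical record shape, not the project's schema
    value: str
    user_id: str
    expires_at: int              # Unix seconds
    revoked: bool = False
    confidant_of: Optional[str] = None   # person the user acts for, if any

@dataclass
class User:                      # hypothetical record shape
    id: str
    active: bool = True
    blacklisted: bool = False

def validate_refresh(value, tokens, users, relationships, now):
    """Return (http_status, message); (200, None) means the refresh may proceed."""
    token = tokens.get(value)
    # Validity: unknown or revoked tokens get the page's "invalid" message.
    if token is None or token.revoked:
        return 401, "Invalid access token"
    # Expiry is a separate check so the client receives the page's distinct message.
    if now >= token.expires_at:
        return 401, "Token expired."
    user = users.get(token.user_id)
    # Status and message for the next two checks are assumptions, not from the page.
    if user is None or not user.active or user.blacklisted:
        return 401, "User is not active or is black-listed"
    # The confidant relationship is looked up on every refresh, never cached from login.
    if token.confidant_of and (user.id, token.confidant_of) not in relationships:
        return 401, "Confidant relationship is no longer valid"
    return 200, None

# Constructed sample data for running the checks offline.
NOW = 1_700_000_000
USERS = {"u1": User("u1"), "u2": User("u2", blacklisted=True), "u3": User("u3")}
TOKENS = {
    "ok": RefreshToken("ok", "u1", NOW + 3600),
    "old": RefreshToken("old", "u1", NOW - 1),
    "rev": RefreshToken("rev", "u1", NOW + 3600, revoked=True),
    "bl": RefreshToken("bl", "u2", NOW + 3600),
    "conf": RefreshToken("conf", "u3", NOW + 3600, confidant_of="p9"),
}
```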

...

  1. Generate a new access_token according to the logic described in RC Exchange oAuth Code Grant to Access Token