The refresh token grant is used to replace expired access tokens with active ones by exchanging the refresh token at the endpoint specified by the TokenURI property.
Note: As opposed to using a third-party application such as Postman, you can use the Progress DataDirect Autonomous REST Connector Configuration Manager to obtain a refresh token to support the access token flow. See Obtaining access and refresh tokens using the Configuration Manager for details.

To configure the driver to use an authentication flow for a refresh token grant:

  • Configure the minimum properties required for a connection:
    • If you are using a Model file, set the Config property to provide the name and location of the Model file. For example, C:/path/to/googleanalytics.rest.
    • If you are using the Sample property, set the Sample property to specify the endpoint that you want to connect to and sample. For example, https://example.com/countries/.
  • Set the AuthenticationMethod property to OAuth2-RefreshToken.
    Note: To support existing configurations, the AuthenticationMethod property will continue to support the OAuth2 value for the refresh token grant.
  • Set the ClientID property to specify the client ID key for your application.
  • Set the ClientSecret property to specify the client secret for your application.
    Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.
  • Set the RefreshToken property to specify the refresh token used to request a new access token or renew an expired one.
    Important: The refresh token is a confidential value used to authenticate to the server. To prevent unauthorized access, this value must be securely maintained.
  • Set the TokenURI property to specify the endpoint from which the driver fetches access tokens.
    Note: By default, the connector prefixes the token URI endpoint with a GET request method. However, some OAuth implementations require that the token URI endpoint be passed with a POST request method. In this scenario, the token URI endpoint must be prefixed with POST when specifying the value of the TokenURI property. For example: TokenURI=POST https://example.com/oauth2/authorize/.
  • Optionally, specify values for a custom HTTP header to be used for authentication, such as those used in tenant ID authentication:
    • Set the AuthHeader property to specify the name of the HTTP header used for authentication.
    • Set the SecurityToken property to specify the value of the HTTP header named by the AuthHeader option.

    For example, if you have the header Authorization:1a2bc34def567, you would specify AuthHeader=Authorization and SecurityToken=1a2bc34def567.

    Note: You can specify multiple custom HTTP headers using the #headers in the Model file. See "Requests with custom HTTP headers" for details.
  • Optionally, set the Scope property to specify a space-separated list of OAuth scopes to limit the permissions granted by the access token.
  • Optionally, set the ClientCredentialsMode property to determine how client credentials are sent in a request in a request to obtain an access token. Configure this property for flows that require client credentials to be specified in only a basic authentication header or only as a URL parameter.
    • If set to All, the client credentials are sent as both a basic authentication header and a URL parameter. This is the default setting.
    • If set to Basic, the client credentials are sent as a basic authentication header.
    • If set to Url, the client credentials are sent as a URL parameter.
    • If set to Post, the client credentials are sent in the body of a POST request.

The following example demonstrates a basic Google Analytics™ session using a refresh token grant:

Using a connection URL:

Connection conn = DriverManager.getConnection
  ("jdbc:datadirect:autorest:AuthenticationMethod=OAuth2-RefreshToken;
    ClientID='1234567898-a1bc2de3fgh4ij567klmn8opqr9stu.apps.googleusercontent.com'
    ClientSecret='FaZBFRsGXTaR';Config=C:/path/to/googleanalytics.rest;
    RefreshToken='1/abCD0F1GHijkLmNOPqrs_T2VWx3Y-Zabc45dE6FGh';
    TokenURI=https://accounts.google.com/o/oauth2/token;");

Using a data source: 

AutoRESTDataSource mds = new AutoRESTDataSource();
mds.setDescription("My Autonomous REST Data Source");
mds.setAuthenticationMethod("OAuth2-RefreshToken");
mds.setClientID("1234567898-a1bc2de3fgh4ij567klmn8opqr9stu.apps.googleusercontent.com");
mds.setClientSecret("FaZBFRsGXTaR");
mds.setConfig("C:/path/to/googleanalytics.rest");
mds.setRefreshToken("1/abCD0F1GHijkLmNOPqrs_T2VWx3Y-Zabc45dE6FGh");
mds.setTokenURI("https://accounts.google.com/o/oauth2/token");