The refresh token grant is used to replace expired access tokens with active ones by exchanging the refresh token at the endpoint specified by the Token URI option.
Note: As opposed to using a third-party application such as Postman, you can use the Progress DataDirect Autonomous REST Connector Configuration Manager to obtain an refresh token to support the refresh token grant. See Obtaining access and refresh tokens using the Configuration Manager for details.
To configure the driver to use an authentication flow for a refresh token grant:
  • Configure the minimum options required for a connection:
    • If you are using a Model file, set the REST Config File (RestConfigFile) option to provide the name and location of the Model file. For example, C:/path/to/zendesk.rest.
    • If you are using the REST Sample Path method, set the REST Sample Path (RestSamplePath) option to specify the endpoint that you want to connect to and sample. For example, https://example.com/countries/.
  • Set the Authentication Method (AuthenticationMethod) option to 54 (OAuth2-Refresh Token).
    Note: To support existing configurations, the Authentication Method option will continue to support the 24 (OAuth2) value for the refresh token grant.
  • Set the Client ID (ClientID) option to specify the client ID key for your application.
  • Set the Client Secret (ClientSecret) option to specify the client secret for your application.
    Important: The client secret is a confidential value used to authenticate the application to the server. To prevent unauthorized access, this value must be securely maintained.
  • Set the Refresh Token (RefreshToken) option to specify the refresh token used to request a new access token or renew an expired one.
    Important: The refresh token is a confidential value used to authenticate to the server. To prevent unauthorized access, this value must be securely maintained.
  • Set the Token URI (TokenURI) option to specify the endpoint from which the driver fetches access tokens.
    Note: By default, the connector prefixes the token URI endpoint with a GET request method. However, some OAuth implementations require that the token URI endpoint be passed with a POST request method. In this scenario, the token URI endpoint must be prefixed with POST when specifying the value of the TokenURI option. For example: TokenURI=POST https://example.com/oauth2/authorize/.
  • Optionally, specify values for a custom HTTP header to be used for authentication, such as those used in tenant ID authentication:
    • Set the Authentication Header (AuthHeader) option to specify the name of the HTTP header used for authentication.

    • Set the Security Token (SecurityToken) option to specify the value of the HTTP header named by the Authentication Header option.

    For example, if you have a header value of Authorization:1a2bc34def567, you would specify a values of AuthHeader=Authorization and SecurityToken=1a2bc34def567.

    Note: You can specify multiple custom HTTP headers using the #headers in the Model file. See "Requests with custom HTTP headers" for details.
  • Optionally, set the Scope (Scope) option specify a space-separated list of OAuth scopes to limit the permissions granted by the access token.
  • Optionally, set the OAuth Client Credentials Mode (ClientCredentialsMode) option to determine how client credentials are sent in a request to obtain an access token . Configure this option for flows that require client credentials to be specified as only a basic authentication header or only as a URL parameter.
    • If set to 0 (Default), the client credentials are sent as a basic authentication header. This is the default setting.
    • If set to 1 (Basic), the client credentials are sent as a basic authentication header.
    • If set to 2 (Url), the client credentials are sent as a URL parameter.

    • If set to 3 (Post), the client credentials are sent in the body of a POST request.

  • Optionally, specify values for any additional options you want to configure. See "Connection option descriptions" for a complete list of options.

The following examples demonstrate a Google Analytlics session using a refresh token grant:

Using a connection URL:

DRIVER=DataDirect 8.0 Autonomous REST Connector;AuthenticationMethod=54;
       ClientID=1234567898-a1bc2de3fgh4ij567klmn8opqr9stu.apps.googleusercontent.com
       Clientsecret=FaZBFRsGXTaR;RestConfigFile=C:/path/to/googleanalytics.rest;
       RefreshToken=1/abCD0F1GHijkLmNOPqrs_T2VWx3Y-Zabc45dE6FGh;
       TokenURI=https://accounts.google.com/o/oauth2/token;

Using an odbc.ini file with a 32-bit driver: 

Driver=ODBCHOME/lib/ivautorestxx.so;
Description=My Autonomous REST Data Source
...
AuthenticationMethod=54;
...
ClientID=1234567898-a1bc2de3fgh4ij567klmn8opqr9stu.apps.googleusercontent.com
...
Clientsecret=FaZBFRsGXTaR
...
RefreshToken=1/abCD0F1GHijkLmNOPqrs_T2VWx3Y-Zabc45dE6FGh
...
RestConfigFile=C:/path/to/googleanalytics.rest
...
TokenURI=https://accounts.google.com/o/oauth2/token
...