All SSO tokens, including the native OpenEdge SSO token, must expire after some set interval. They can be refreshed either by:

  • performing a full direct-login by the client
  • returning to the point where an SSO token was issued and requesting a new token with an extended expiration

Refreshing a native OpenEdge SSO token takes place via a defined URL (similar to the way HTTP FORM login is implemented). In this case the client sends a POST request to that URL and passes the refresh token it received with the last SSO token it obtained. If the refresh operation is successful, the server returns a new SSO token and, optionally, a new refresh token.

Client request

POST web-app-url/static/auth/token?op=refresh
{ "token_type" : "oecp",
 "refresh_token" : "oecp-ref-token"
}

Server response

Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
 "token_type" : "oecp",
 "access_token" : "b64-oecp-sso-token",
 "refresh_token" : "oecp-ref-token",
 "expires_in" : int-seconds
}

HTTP Status Codes

  • 200 indicates successful server response.
  • 401 indicates SSO token generation failure.

    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache
    
    {
    "error" : "401",
    "error_description" : "error-desc"
    }
    
     token-error-code
    Note: For more information on token-error-code, see SSO Token Error Codes.
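
A client-side sketch of the refresh exchange described above, added here as an example and not taken from OpenEdge itself. It builds the POST body, validates the JSON reply, keeps the current refresh token when the server returns none, and raises on a 401. The function and class names, the request Content-Type header, and the 60-second refresh margin are assumptions.

```python
import json
from dataclasses import dataclass

REFRESH_PATH = "/static/auth/token?op=refresh"  # path as shown on this page

class TokenRefreshError(Exception):
    """Raised when the server rejects the refresh or the reply is malformed."""

@dataclass
class TokenState:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute time (seconds) at which the SSO token expires

def build_refresh_request(web_app_url, refresh_token):
    """Return (method, url, headers, body) for the refresh POST."""
    body = json.dumps({"token_type": "oecp", "refresh_token": refresh_token})
    headers = {"Content-Type": "application/json"}  # assumed request header
    return "POST", web_app_url.rstrip("/") + REFRESH_PATH, headers, body

def parse_refresh_response(status, body, current_refresh_token, now):
    """Validate the server reply and return the updated TokenState."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise TokenRefreshError("response body is not JSON") from exc
    if not isinstance(doc, dict):
        raise TokenRefreshError("response body is not a JSON object")
    if status == 401:  # token generation failure: surface the server's error fields
        raise TokenRefreshError(f"{doc.get('error')}: {doc.get('error_description')}")
    if status != 200:
        raise TokenRefreshError(f"unexpected HTTP status {status}")
    if doc.get("token_type") != "oecp" or not doc.get("access_token"):
        raise TokenRefreshError("missing or unexpected token fields")
    expires_in = doc.get("expires_in")
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        raise TokenRefreshError("expires_in must be a positive integer")
    # The new refresh token is optional; keep the current one if none is returned.
    new_refresh = doc.get("refresh_token") or current_refresh_token
    return TokenState(doc["access_token"], new_refresh, now + expires_in)

def needs_refresh(state, now, margin=60):
    """True once the token is within `margin` seconds of expiry (margin is assumed)."""
    return now >= state.expires_at - margin
```

Store the returned tokens in memory only; the server's `Cache-Control: no-store` response header signals that the body should not be cached or persisted.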