All SSO tokens, including the native OpenEdge SSO token, must expire after some set interval. They can be refreshed either by:

  • Performing a full direct login by the client
  • Returning to the point where an SSO token was issued and requesting a new token with an extended expiration

A native OpenEdge SSO token is refreshed through a defined URL (similar to the way HTTP form login is implemented). The client sends a POST request to that URL and passes the refresh token it received with the last SSO token it obtained. If the refresh operation is successful, the server returns a new SSO token and, optionally, a new refresh token.

Client request

POST web-app-url/static/auth/token?op=refresh
{ "token_type" : "oecp",
 "refresh_token" : "oecp-ref-token"
}

Server response

Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{ 
 "token_type" : "oecp",
 "access_token" : "b64-oecp-sso-token",
 "refresh_token" : "oecp-ref-token",
 "expires_in" : int-seconds
}

HTTP status codes

  • 200 indicates successful server response.
  • 401 indicates SSO token generation failure.

    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache
    
    { 
    "error" : "401",
    "error_description" : "error-desc"
    }
    
     token-error-code
    For more information about token-error-code, see SSO token error codes.
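
The following client-side sketch is an added example, not Progress code: it builds the refresh request shown above and turns the 200 and 401 responses into the token state a client should keep, including the case where no new refresh token is returned. The function names, the request Content-Type header, and the sample bodies are assumptions made for illustration.

```python
import json
import time
import urllib.request

REFRESH_PATH = "/static/auth/token?op=refresh"  # path taken from the page

class RefreshError(Exception):
    """Raised when the refresh is rejected (HTTP 401) or the reply is malformed."""

def build_refresh_request(web_app_url, refresh_token):
    """Build (without sending) the POST request carrying the current refresh token."""
    body = json.dumps({"token_type": "oecp", "refresh_token": refresh_token})
    return urllib.request.Request(
        web_app_url.rstrip("/") + REFRESH_PATH,
        data=body.encode("utf-8"),
        # Assumption: the JSON body is sent as application/json.
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def parse_refresh_response(status, body, current_refresh_token, now=None):
    """Turn a refresh response into the token state the client should keep."""
    now = time.time() if now is None else now
    try:
        doc = json.loads(body)
        if not isinstance(doc, dict):
            raise ValueError("not a JSON object")
    except ValueError as exc:
        raise RefreshError("response body is not a JSON object") from exc
    if status == 401:
        # Refresh failed; the remaining option the page lists is a full direct login.
        raise RefreshError(f"{doc.get('error')}: {doc.get('error_description')}")
    if status != 200 or doc.get("token_type") != "oecp" or not doc.get("access_token"):
        raise RefreshError(f"unexpected refresh response (HTTP {status})")
    expires_in = doc.get("expires_in")
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        raise RefreshError("expires_in missing or not a positive integer")
    return {
        "access_token": doc["access_token"],
        # The new refresh token is optional; keep the current one if none is returned.
        "refresh_token": doc.get("refresh_token") or current_refresh_token,
        "expires_at": now + expires_in,
    }

# Constructed sample responses (not captured from a real server).
SAMPLE_OK = '{"token_type": "oecp", "access_token": "b64-sample", "expires_in": 3600}'
SAMPLE_401 = '{"error": "401", "error_description": "sample failure"}'
```

Scheduling the next refresh somewhat before expires_at, rather than at it, leaves time to fall back to a direct login if the refresh is rejected.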