Sample code for 30+ languages & platforms
Classic ASP

Salesforce OAuth2 Refresh Access Token

See more OAuth2 Examples

Demonstrates how to refresh a Salesforce Access Token.

Note: Use Chilkat v10.1.2 or later for this example.

Chilkat Classic ASP Downloads

Classic ASP
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
success = 0

' This example requires the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

' It is assumed we previously obtained an OAuth2 access token.
' This example loads the JSON access token file 
' saved by this example: Get SalesForce OAuth2 Access Token via Authorization Flow

set jsonToken = Server.CreateObject("Chilkat.JsonObject")
success = jsonToken.LoadFile("qa_data/tokens/_salesforce.json")
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( "Failed to load _salesforce.json") & "</pre>"
    Response.End
End If

' This is an example of a Salesforce OAuth2 access token to be refreshed:

' {
'   "access_token": "00D41000....uLZBpT6",
'   "refresh_token": "5Aep....25xdGgkrV",
'   "signature": "cjTbSc5DvcKpaMoRTzuQTJLb1tcMw8LEO01flq4aMD4=",
'   "scope": "refresh_token id",
'   "instance_url": "https://d41000000f8a0eak-dev-ed.my.salesforce.com",
'   "id": "https://login.salesforce.com/id/00D41000000F8A0EAK/005410000....xAAE",
'   "token_type": "Bearer",
'   "issued_at": "1738348388166"
' }

set oauth2 = Server.CreateObject("Chilkat.OAuth2")

oauth2.TokenEndpoint = "https://login.salesforce.com/services/oauth2/token"

' Replace this with your actual client ID (Consumer Key)
oauth2.ClientId = "CLIENT_ID"

' Note: The client secret is not required because we configured our Connected App
' to not require it for the refresh flow.  See the screenshot below.

' Get the "refresh_token"
oauth2.RefreshToken = jsonToken.StringOf("refresh_token")

' Send the HTTP POST to refresh the access token..
success = oauth2.RefreshAccessToken()
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( oauth2.LastErrorText) & "</pre>"
    Response.End
End If

' The response contains a new access token, but we must keep
' our existing refresh token for when we need to refresh again in the future.
success = jsonToken.UpdateString("access_token",oauth2.AccessToken)

' Save the new JSON access token response to a file.
set sbJson = Server.CreateObject("Chilkat.StringBuilder")
jsonToken.EmitCompact = 0
success = jsonToken.EmitSb(sbJson)
success = sbJson.WriteFile("qa_data/tokens/_salesforce.json","utf-8",0)

Response.Write "<pre>" & Server.HTMLEncode( "OAuth2 authorization granted!") & "</pre>"
Response.Write "<pre>" & Server.HTMLEncode( "New Access Token = " & oauth2.AccessToken) & "</pre>"

' --------------------------------------------------------------------------
' Here's a screenshot of a Salesforce Connected App 
' which does not requires the secret for the authorization or refresh flow.
' image

%>
</body>
</html>