(Chilkat2-Python) Refresh OAuth2 Access Token with Optional Params

See more OAuth2 Examples

Note: This example requires Chilkat v9.5.0.97 or greater.

Chilkat2 Python Downloads install with pip pip3 install chilkat2 or download... Python Module for Windows, Linux, Alpine Linux, MacOS

import sys
import chilkat2

# Here is a sampling of possible optional parameters that might
# be used by some OAuth2 providers.

# Optional Parameters
# 
#     "scope":
#         Specifies the scope of the access request. If omitted, the authorization
#         server may issue a token with the same scope as the original token.
#         Example: "scope=read write"
# 
#     "redirect_uri":
#         The redirect URI used in the original authorization request. Some
#         servers may require this for validation.
#         Example: "redirect_uri=https://example.com/callback"
# 
#     "resource":
#         Indicates the target resource or audience for the token. This is used in
#         some implementations (e.g., Microsoft Identity Platform).
#         Example: "resource=https://api.example.com"
# 
#     "audience":
#         Similar to "resource", this specifies the intended audience for the
#         token (used in some OAuth2 implementations like Auth0).
#         Example: "audience=https://api.example.com"
# 
#     "client_assertion" and "client_assertion_type":
#         Used for client authentication using a signed JWT instead of a client
#         secret.
#         Example:client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...        
#         client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
# 
#     "token_type_hint":
#         Provides a hint to the authorization server about the type of token
#         being refreshed. This is rarely used but can be helpful in some cases.
#         Example: "token_type_hint=refresh_token"
# 
#     "assertion":
#         Used in some flows (e.g., SAML bearer assertion flow) to provide an
#         assertion for token issuance.
#         Example: "assertion=PHNhbWxwOl..."
# 
#     "requested_token_use":
#         Specifies how the token will be used (e.g., "on_behalf_of" in the
#         On-Behalf-Of flow used by Microsoft Identity Platform).
#         Example: "requested_token_use=on_behalf_of"
# 

# --------------------------------------------------------------------------------
# This example wll refresh the access token and includes the "audience"
# optional query parameter.
# 
# 

# Get the access token to be refreshed.
jsonToken = chilkat2.JsonObject()
success = jsonToken.LoadFile("qa_data/tokens/myAccessToken.json")
if (success != True):
    print("Failed to load hmrc.json")
    sys.exit()

oauth2 = chilkat2.OAuth2()

oauth2.TokenEndpoint = "https://api.example.com/oauth/token"

# Replace these with actual values.
oauth2.ClientId = "CLIENT_ID"
oauth2.ClientSecret = "CLIENT_SECRET"

# Add the optional refresh query param.
# Call AddRefreshQueryParam multiple times to add additional params.
oauth2.AddRefreshQueryParam("audience","https://api.example.com")

# Provide the existing refresh token from the JSON.
oauth2.RefreshToken = jsonToken.StringOf("refresh_token")

# Send the HTTP POST to refresh the access token..
success = oauth2.RefreshAccessToken()
if (success != True):
    print(oauth2.LastErrorText)
    sys.exit()

# Load the access token response into the json object 
jsonToken.Load(oauth2.AccessTokenResponse)

# Save the new JSON access token response to a file.
# The access + refresh tokens contained in this JSON will be needed for the next refresh.
sbJson = chilkat2.StringBuilder()
jsonToken.EmitCompact = False
jsonToken.EmitSb(sbJson)
sbJson.WriteFile("qa_data/tokens/myAccessToken.json","utf-8",False)

print("OAuth2 access token refreshed!")
print("New Access Token = " + oauth2.AccessToken)