Documentation
Refresh Tokens
Use offline_access to renew access tokens without prompting the user to log in again.
Requesting a refresh token
Include the offline_access scope in your authorization request. After consent (when applicable), the token response includes a refresh_token.
Refreshing
refresh.ts
const body = new URLSearchParams({
grant_type: "refresh_token",
refresh_token: "STORED_REFRESH_TOKEN",
client_id: "YOUR_CLIENT_ID",
client_secret: "YOUR_CLIENT_SECRET",
});
const res = await fetch("https://auth.rdnt.live/api/auth/oauth2/token", {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body,
});
const tokens = await res.json();
// May include a rotated refresh_token — persist the new valueTip
Refresh proactively when the access token is within ~60 seconds of expiry to avoid user-visible failures.
Rotation
Radiant Auth may return a new refresh token on each refresh. Always replace the stored refresh token when a new one is present. Reusing an invalidated refresh token should fail — treat that as a forced re-login.
Revocation
On logout, revoke the refresh token at https://auth.rdnt.live/api/auth/oauth2/revoke so it cannot be reused.
Warning
Refresh tokens are long-lived credentials. Encrypt them at rest and never send them to the browser for confidential clients.