Refresh Token | WordPress OAuth Codex

Refresh Token

Documentation under "General" for WP OAuth Server

Refresh Token

Refresh tokens are used as a way to gain a new access token after the original access token has expired.

What is Needed?

If you are using a refresh token, this article is going to assume that a general understanding of what a refresh token is and how to use the OAuth2 endpoints.





  • (required) grant_type – “refresh_token”
  • (required) refresh_token – A Valid Refresh Token.


The Return

The server will return JSON containing the following values on a successful refresh token request.



  • access_token – A new access token
  • expires_in – The length of seconds from the time the access token was issued until the access_token becomes invalid.
  • token_type
  • scope
  • *refresh_token – A new refresh token

* If a new refresh token is wanted in the return, the filter below will need to be added to your theme’s function file.

add_filter( 'wo_always_issue_new_refresh_token', '__return_true' );



"access_token": "nziindid3if24vrjbp6cdzyxiuybrcjjsd6grks7",
"expires_in": 234234,
"token_type": "Bearer",
"scope": "basic"
"request_token": "khaskdjhkhasdnaiwbwsh123"

Search Documentation

General Articles

Below is a list of "General" documentation articles.

OAuth Server 3.8.2

WP OAuth Server Pro allows for Unlimited clients and multiple grant types.