Karve app icon

Karve

Authentication oauth-refresh-token.http

OAuth refresh token .http file example

Call the token endpoint with refresh_token when an access token expires without repeating the full sign-in flow.

oauth-refresh-token.http

@tokenUrl = https://auth.example.com/oauth/token
@clientId = replace-with-client-id
@clientSecret = replace-with-client-secret
@refreshToken = replace-with-refresh-token

### Exchange a refresh token for a new access token
POST {{tokenUrl}}
Accept: application/json
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token={{refreshToken}}&client_id={{clientId}}&client_secret={{clientSecret}}

Variables to replace

tokenUrl
The authorization server's token endpoint.
clientId
The OAuth client ID.
clientSecret
The client secret when the provider requires one.
refreshToken
The long-lived refresh token; store the real value outside Git.

Expected response

A successful exchange normally returns 200 OK with a new access_token and expiry. Some providers also rotate and return a new refresh_token; preserve it according to the provider's rules.

Karve does not update variables from a response automatically. Copy rotated tokens manually into your environment.

Related examples and guides

Learn the full syntax in the .http file format guide, manage secrets with variables and environments, or see how to run .http files on Windows.

Launch Summer Sale

Run this request without leaving Windows.

Karve opens .http files as a native workspace: edit the plain text, press Run, inspect the response, and keep the file in Git.

15-day free trial · No account · No subscription · No metered requests

25% off until Sep 1