Skip to content
Nhost Documentation
Support Dashboard

Refresh OAuth2 provider tokens

POST
/token/provider/{provider}

Refresh the OAuth2 provider access token using a valid refresh token. Returns a new provider session with updated access token, refresh token (if rotated by provider), and expiration information. This endpoint allows maintaining long-lived access to provider APIs without requiring the user to re-authenticate.

Authorizations

Section titled “Authorizations ”

Parameters

Section titled “ Parameters ”

Path Parameters

Section titled “Path Parameters ”
provider
required
string
Allowed values: apple github google linkedin discord spotify twitch gitlab bitbucket workos azuread entraid strava facebook windowslive twitter

The name of the social provider

Request Body required

Section titled “Request Body required ”

Provider refresh token to exchange for a new access token

Request to refresh OAuth2 provider tokens

object
refreshToken
required

OAuth2 provider refresh token obtained from previous authentication

string
Example
1//0gK8...

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Successfully refreshed provider tokens

OAuth2 provider session containing access and refresh tokens

object
accessToken
required

OAuth2 provider access token for API calls

string
Example
ya29.a0AfH6SMBx...
expiresIn
required

Number of seconds until the access token expires

integer
Example
3599
expiresAt
required

Timestamp when the access token expires

string format: date-time
Example
2024-12-31T23:59:59Z
refreshToken

OAuth2 provider refresh token for obtaining new access tokens (if provided by the provider)

string
nullable
Example
1//0gK8...

default

Section titled “default ”

An error occurred while processing the request

Standardized error response

object
status
required

HTTP status error code

integer
Example
400
message
required

Human-friendly error message

string
Example
Invalid email format
error
required

Error code identifying the specific application error

string
Allowed values: default-role-must-be-in-allowed-roles disabled-endpoint disabled-user email-already-in-use email-already-verified forbidden-anonymous internal-server-error invalid-email-password invalid-request locale-not-allowed password-too-short password-in-hibp-database redirectTo-not-allowed role-not-allowed signup-disabled unverified-user user-not-anonymous invalid-pat invalid-refresh-token invalid-ticket disabled-mfa-totp no-totp-secret invalid-totp mfa-type-not-found totp-already-active invalid-state oauth-token-echange-failed oauth-profile-fetch-failed oauth-provider-error invalid-otp cannot-send-sms provider-account-already-linked