Token management

“Token management” refers to the ID token refresh/revocation process. The Akoya ID token is used to enable secure communication between a data recipient and the Akoya network.

🚧

Token required!

Please obtain a token prior to completing this section.


"Happy path" tests


Test caseTask(s)Expected result(s)
Refresh an ID tokenCall the /token endpoint with the refresh_token.Receive valid new ID and refresh tokens.
Refresh an expired ID token1. Identify an id_token older than 24 hours.

2. Call the /token endpoint with the refresh_token.
Receive valid new ID and refresh tokens.
Revoke an ID token1. Call the /token/revoke endpoint.

2. Attempt a call to the /accounts endpoint.
1. HTTP 200: OK (empty payload)

2. HTTP 401: Unauthorized

Error payload:
{
"code": 602,
"message": "Customer not authorized"
}

“Sad path” tests


Please review our error codes documentation.

Test caseTask(s)Expected result(s)
Refresh a used refresh_token.Test a token refresh call with a refresh_token that has already been claimed.HTTP 400: Bad Request

Error payload:
{
"error": "invalid_request",
   "error_description": "Refresh token is invalid or has 
 already been claimed by another client."
}
Refresh with invalid client_secret.Try a token refresh with an invalid client_secret.HTTP 401: Unauthorized

Error payload:
{
   "error": "invalid_client",
   "error_description": "Invalid client credentials."
}
Revoke with invalid client_secret.1. Try the revoke token endpoint without a client_secret.

2. Try the revoke token endpoint with an incorrect client_secret.
1. HTTP 400: Bad Request

Error payload:
{
   "error": "invalid_request"
}


2. HTTP 401: Unauthorized

Error payload:
{
   "error": "unauthorized_client"
}
Obtain a token with invalid authorization code.1. Use the /token endpoint with an expired code.

2. Use the /token endpoint with an incorrect code.
(both tasks) HTTP 400: Bad Request

Error payload:
{
   "error": "invalid_request",
   "error_description": "Invalid or expired code parameter."
}
Obtain a token with an incorrect redirect_URI.Use /token endpoint with an incorrect redirect_URI.HTTP 400: Bad Request

Error payload:
{
   "error": "invalid_request",
   "error_description": "redirect_uri did not match URI 
from initial request."
}
Obtain a token with a missing grant_type field.1. Use /token endpoint with a missing grant_type field.

2. Use /token endpoint with an incorrect grant_type field.
HTTP 400: Bad Request

Error payload:
{
   "error": "invalid_grant"
}
Obtain a token with an incorrect client_id.1. Use /token endpoint with an incorrect clientId.

2. Use /token endpoint with an incorrect client_secret.
1. HTTP 401: invalid_client

2. HTTP 401 Unauthorized

Error payload:
{
   "error": "invalid_client",
   "error_description": "Invalid client credentials."
}
Refresh a token without a refresh_token.Use /token endpoint with grant_type=refresh_token without including the current refresh_token.HTTP 400 Bad Request

Error payload:
{
   "error": "invalid_request",
   "error_description": "No refresh token in request."
}