Token management

“Token management” refers to the ID token refresh/revocation process. The Akoya ID token is used to enable secure communication between a data recipient and the Akoya network.

🚧
Token required!
Please obtain a token prior to completing this section.

"Happy path" tests

Test case	Task(s)	Expected result(s)
Refresh an ID token	Call the `/token` endpoint with the `refresh_token`.	Receive valid new ID and refresh tokens.
Refresh an expired ID token	1. Identify an `id_token` older than 24 hours. 2. Call the `/token` endpoint with the `refresh_token`.	Receive valid new ID and refresh tokens.
Revoke an ID token	1. Call the `/token/revoke` endpoint. 2. Attempt a call to the `/accounts` endpoint.	1. `HTTP 200: OK` (empty payload) 2. `HTTP 401: Unauthorized` Error payload: { "code": 602, "message": "Customer not authorized" }

“Sad path” tests

Please review our error codes documentation.

Test case	Task(s)	Expected result(s)
Refresh a used `refresh_token`.	Test a token refresh call with a `refresh_token` that has already been claimed.	`HTTP 400: Bad Request` Error payload: { "error": "invalid_request", "error_description": "Refresh token is invalid or has already been claimed by another client." }
Refresh with invalid `client_secret`.	Try a token refresh with an invalid `client_secret`.	`HTTP 401: Unauthorized` Error payload: { "error": "invalid_client", "error_description": "Invalid client credentials." }
Revoke with invalid `client_secret`.	1. Try the revoke token endpoint without a `client_secret`. 2. Try the revoke token endpoint with an incorrect `client_secret`.	1. `HTTP 400: Bad Request` Error payload: { "error": "invalid_request" } 2. `HTTP 401: Unauthorized` Error payload: { "error": "unauthorized_client" }
Obtain a token with invalid authorization code.	1. Use the `/token` endpoint with an expired `code`. 2. Use the `/token` endpoint with an incorrect `code`.	(both tasks) `HTTP 400: Bad Request` Error payload: { "error": "invalid_request", "error_description": "Invalid or expired code parameter." }
Obtain a token with an incorrect `redirect_URI`.	Use `/token` endpoint with an incorrect `redirect_URI`.	`HTTP 400: Bad Request` Error payload: { "error": "invalid_request", "error_description": "redirect_uri did not match URI from initial request." }
Obtain a token with a missing `grant_type` field.	1. Use `/token` endpoint with a missing `grant_type` field. 2. Use `/token` endpoint with an incorrect `grant_type` field.	`HTTP 400: Bad Request` Error payload: { "error": "invalid_grant" }
Obtain a token with an incorrect `client_id`.	1. Use `/token` endpoint with an incorrect `clientId`. 2. Use `/token` endpoint with an incorrect `client_secret`.	1. `HTTP 401: invalid_client` 2. `HTTP 401 Unauthorized` Error payload: { "error": "invalid_client", "error_description": "Invalid client credentials." }
Refresh a token without a `refresh_token`.	Use `/token` endpoint with `grant_type=refresh_token` without including the current `refresh_token`.	`HTTP 400 Bad Request` Error payload: { "error": "invalid_request", "error_description": "No refresh token in request." }

Updated about 2 years ago