Livecode Wiki

Obtain a new authorization token using a refresh token. Note: because of a bug in version 9, you must load this library before using it by typing:

start using stack "oauth2"

Built-in Message handler


OAuth2Refresh pTokenURL,pClientID,pClientSecret,pRefreshToken,pPort


  • pTokenURL: The URL to obtain the authorization token from once an authorization code is sent to the redirect URI. This can be obtained from the API documentation of the service being authorized.
  • pClientID: The application client ID obtained when setting up your application with the web service.
  • pClientSecret: The application client secret obtained when setting up your application with the web service.
  • pPort: The port to use for the redirect URI. It is recommended to use the range 49152-65535.
  • it: An array containing the parsed JSON data returned by the token URL.
  • the result: An error string if an error occurred during authorization.


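constant kTokenURL = ""
constant kClientID = "XXXXXXXXXXXXXXXXXXXXXXX"
constant kClientSecret = "XXXXXXXXXXXXXXXXXXXXXXX"

-- Token array returned by a previous authorization
local sAuth

private command RefreshAuth
  OAuth2Refresh kTokenURL, kClientID, kClientSecret, sAuth["refresh_token"], 59004
  -- the result holds an error string when the refresh failed
  if the result is not empty then
     return "Not authorized" for error
  end if
  -- On success, it holds the parsed token response
  put it into sAuth
  set the httpHeaders to "Authorization: Bearer "& sAuth["access_token"]
  return empty for error
end RefreshAuth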

Access tokens have limited lifetimes. If your application needs access to an API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.

Note: Save refresh tokens in secure long-term storage and continue to use them as long as they remain valid. Limits apply to the number of refresh tokens that are issued per client-user combination, and per user across all clients, and these limits are different. If your application requests enough refresh tokens to go over one of the limits, older refresh tokens stop working.
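
The token-lifetime behaviour described above, as an added example that is not part of the original page or the LiveCode documentation: it refreshes only when the access token is close to expiry and keeps the existing refresh token when the response does not include a new one. Only OAuth2Refresh is a library command; every other handler, variable and constant name is hypothetical, and the expires_in and refresh_token keys assume the service returns the standard OAuth 2.0 token response fields.

```livecode
-- Added example. Only OAuth2Refresh is a library command; other names are hypothetical.
constant kTokenURL = ""              -- token endpoint from the service's API documentation
constant kClientID = "XXXXXXXX"      -- placeholder
constant kClientSecret = "XXXXXXXX"  -- placeholder
constant kPort = 59004
constant kMargin = 60                -- refresh this many seconds before expiry

local sAuth       -- token array from the last successful authorization
local sExpiresAt  -- value of the seconds at which the access token expires

private function TokenIsFresh
   if sAuth["access_token"] is empty then return false
   if sExpiresAt is empty then return true -- lifetime unknown: refresh on demand only
   return (the seconds < sExpiresAt - kMargin)
end TokenIsFresh

-- Pass true for pForce after the API rejects the token (for example HTTP 401).
command EnsureAuthorized pForce
   local tOldRefresh, tError, tNew
   if (pForce is not true) and TokenIsFresh() then return empty for error
   put sAuth["refresh_token"] into tOldRefresh
   if tOldRefresh is empty then return "No refresh token stored" for error

   OAuth2Refresh kTokenURL, kClientID, kClientSecret, tOldRefresh, kPort
   put the result into tError
   put it into tNew
   if tError is not empty then return ("Not authorized:" && tError) for error
   if tNew["access_token"] is empty then
      return "Token response contained no access_token" for error
   end if

   -- Many services omit refresh_token from a refresh response; copying the
   -- response over sAuth unchanged would then discard the only refresh token.
   if tNew["refresh_token"] is empty then
      put tOldRefresh into tNew["refresh_token"]
   end if
   put tNew into sAuth

   if tNew["expires_in"] is a number then
      put the seconds + tNew["expires_in"] into sExpiresAt
   else
      put empty into sExpiresAt
   end if
   set the httpHeaders to "Authorization: Bearer" && sAuth["access_token"]
   return empty for error
end EnsureAuthorized
```

Call EnsureAuthorized before each API request and check the result; persisting sAuth between sessions is left to the secure storage the note above calls for.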

See also: OAuth2