--- title: Creating a refresh request framework: authenticationservices role: article role_heading: Article path: authenticationservices/creating-a-refresh-request --- # Creating a refresh request Refresh a non-expired token instead of sending a new login request. ## Overview Overview The system sends a refresh request instead of a login request when a token hasn’t expired yet and the refreshEndpointURL is set. The refresh request also sends a server nonce request before it begins. A refresh request uses the previous refresh token to request a new token without prompting the user for credentials. The system attempts it when the existing token hasn’t expired and the time since the last full login hasn’t exceeded the LoginFrequency in the Device Management profile. It doesn’t apply to User Secure Enclave key authentication, because the user isn’t prompted for credentials. The refresh request is a JSON Object Signing and Encryption object (JOSE) object that’s formatted per RFC 7519 and signed with the DeviceSigningKey and ES256 per RFC 7515. Processing the refresh network request and response is the same as for a JSON Web Encryption (JWE) login response. For more information, see Creating a JSON Web Encryption (JWE) login response. The following table specifies the header parameters that the system uses to create a refresh request: | | | | | | | | | | | | The following table specifies the body parameters that the system uses to create a refresh request: | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following code provides an example of a refresh request: { "kid" : "10gy5SeDGL4KRZb0gKyFmPuV9LBAcm/Istdk4lgn24M=", "x5c" : "MIIBg...nFg==", "typ" : "platformsso-refresh-request+jwt", "alg" : "ES256" }.{ "iat" : 1685750697, "jwe_crypto" : { "alg" : "ECDH-ES", "enc" : "A256GCM", "apv" : "AAAAB...zZEMA" }, "nonce" : "A978348D-DEDF-4AF2-94D4-FCC60B6736D0", "request_nonce" : "AwABA...YQgAA", "scope" : "openid offline_access urn:apple:platformsso", "refresh_token" : "abcd1234", "grant_type" : "refresh_token", "exp" : 1685750997, "aud" : "https://localhost.apple.com:8888/auth/token", "client_id" : "aaff1524-fa35-40c5-94e3-2b233c5f2965", "iss" : "aaff1524-fa35-40c5-94e3-2b233c5f2965" }.[Signature] ## See Also ### Login request - [Performing a WS-Trust login request](authenticationservices/performing-a-ws-trust-login-request.md) - [Creating an embedded assertion](authenticationservices/creating-an-embedded-assertion.md) - [Creating an encrypted embedded assertion](authenticationservices/creating-an-encrypted-embedded-assertion.md) - [Creating and validating a login request](authenticationservices/creating-and-validating-a-login-request.md) - [Supporting key requests and key exchange requests](authenticationservices/supporting-key-requests-and-key-exchange-requests.md)