EntitiesCredentialProvidersEmbedTokenCredentialProvider

refresh

View as MarkdownOpen in Claude
1refresh(): Promise<{ expiry_at: number; token: string; }>

Obtains fresh credentials before the current ones expire. Optional.

Implementor responsibilities:

  • Resolve with a new SDKCredential containing an updated token (or authorizationState) and expiry_at.
  • Reject (throw) if refresh is not possible — the SDK will stop the refresh schedule.

SDK behavior:

  • Only called when expiry_at was set on the previous credential.
  • Scheduled automatically before expiry; implementors do not need to manage timing.
  • On rejection, the refresh schedule stops and the session continues with the current credentials until they expire.
  • When not provided and the SAT includes a sat:refresh scope, the SDK automatically refreshes via Client Bound SAT (DPoP) without developer intervention.
  • When not provided and no refresh scope is present, the SDK uses the initial credentials for the entire session lifetime.

Returns

Promise<{ expiry_at: number; token: string; }>

Examples

1// Scheduled automatically by the SDK before `expiry_at`. To trigger manually
2// in tests:
3const fresh = await provider.refresh();
4console.log('new token expiry:', fresh.expiry_at);