xiaomi-passport.github.io

Refresh Access Token

Attention: A refresh token can only refresh the access token once, and we will issue a new refresh token after issuing new access token.

1. Refresh access token by refresh token

request url:  https://account.xiaomi.com/oauth2/token

request method:  GET

Request rate limiting: 5000/seconeds

request params:

response data:

• SUCCESS

Once the request is accepted, the server will return strings in json format:

1. access_token: access token required to obtain
2. expires_in: access token’s validity period in seconds, see Token Life Cycle
3. refresh_token: refresh token, all apps return this data (valid for 10 years)
4. scope: scope of access token, see scope permission​ list
5. mac_key: MAC key required for interactions between HTTP and Open API, validity period same as that of access token
6. mac_algorithm: algorithm used for for interactions between HTTP and Open API and digital signatures, currently supports HmacSha1
7. openId: user’s openId, can be stored by the website or app for verifying the user when they sign in next time

&&&START&&&{
  "access_token": "access token value",
  "expires_in": 360000,
  "refresh_token": "refresh token value",
  "scope": "scope value",
  "token_type ": "mac",
  "mac_key ": "mac key value",
  "mac_algorithm": " HmacSha1",
  "openId":"2.0XXXXXXXXX"
}

NOTE： &&&​START​&&& can be deleted directly, preferably via replace("&&&START&&&", "")

• FAILED

Once the request is denied, the server will return strings in json format:

1. error：error code, int number, see ​oauth error code list
2. error_description：text describe the error

&&&START&&&{
  "error": "error_code",
  "error_description": "error description"
}

NOTE： &&&​START​&&& can be deleted directly, preferably via replace("&&&START&&&", "")