...
The following flow diagram shows this flow:
...
First, the The client application authenticates with the BSN.cloud token endpoint by providing the credentials
If the credentials are valid, an access token and a refresh token are returned in the result
After that, the The client application makes an API call and must pass the access token
The API component validates the access token and allows access to the resource
Steps 3 and 4 can continue until the access token expires and the API signals this by returning an error response (this will be a
401or403status code)When the access token expires, the client application requests a new access token by providing the refresh token
The BSN.cloud token endpoint then issues a new access token and a new refresh token
Steps 3 through 7 keep on repeating repeat until the refresh token expires
When the refresh token expires, the client needs to re-authenticate with the authentication server once again and the flow repeats from step 1.
...