Nationwide - Refresh Token API does not work as expected

Description

Hello,

We have been testing with your APIs and we have successfully integrated our mobile/web apps with the Account Information APIs you offer. However, we are facing an issue with the refresh token API and we are not sure why this is happening.

We use the following request to refresh the access token as we do with other OB banks:

curl -X POST \
  https://token.tiaa.barclays.com/as/token.oauth2 \
  -H 'Authorization: Basic UUhNb0JQUDU3eF...' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'accept: application/json' \
  -d 'grant_type=refresh_token&scope=accounts&refresh_token=ya0vakj1xxXH8W...'

The problem is that, in the response we get below, the access token we receive does not seem valid, because it is much smaller than the one we initially get from the account consent flow and does not work when calling Account APIs. At the same time, the new refresh token is NOT part of the response as we expected.

{
"access_token": "dsd7T8FN7dElay8R941ECXFWQlAO",
"token_type": "Bearer",
"expires_in": 1799,
"scope": "accounts",
"id_token": "eyJraWQiOiJmMzRKM19yTHBoZ01MbnI3W..."
}

Thanks in advance,

Christos Nicolaou.
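
Added example, not part of the original report and not the bank's or the reporter's code: RFC 6749 section 6 makes a new refresh token optional in a refresh response, so a client has to handle a reply shaped like the one above by keeping the refresh token it already holds. The names TokenState and apply_refresh_response are hypothetical, and all token values are constructed.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class TokenState:
    access_token: str
    refresh_token: str
    expires_at: float   # absolute UNIX time after which access_token is stale
    scope: frozenset


def apply_refresh_response(state, response, now=None):
    """Return the new TokenState after a grant_type=refresh_token exchange."""
    now = time.time() if now is None else now
    # An "error" member or a missing access_token means the old state stays.
    if "error" in response or not response.get("access_token"):
        raise ValueError("refresh failed: %s" % response.get("error", "no access_token"))
    # token_type is case-insensitive (RFC 6749 section 5.1).
    if response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    # An omitted scope means "unchanged". As a defensive client-side check,
    # reject a returned scope broader than the one already held.
    scope = frozenset(response["scope"].split()) if "scope" in response else state.scope
    if not scope <= state.scope:
        raise ValueError("scope widened on refresh")
    # RFC 6749 section 6: if a new refresh_token is issued it replaces the
    # old one; if none is issued, the old one stays in use.
    refresh = response.get("refresh_token") or state.refresh_token
    # Token length and format are opaque to the client: an access token may
    # be a JWT or a short reference string, so neither is checked here.
    return TokenState(response["access_token"], refresh,
                      now + int(response.get("expires_in", 0)), scope)


# Constructed sample values, shaped like the response in the report.
OLD = TokenState("old-access-CONSTRUCTED", "old-refresh-CONSTRUCTED",
                 1000.0, frozenset({"accounts"}))
SAMPLE = {"access_token": "new-access-CONSTRUCTED", "token_type": "Bearer",
          "expires_in": 1799, "scope": "accounts"}

if __name__ == "__main__":
    print(apply_refresh_response(OLD, SAMPLE, now=2000.0))
```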

Technical Impact

None

Workaround

None

Resolution Notes

None

Impact Assessment

None

Status

Assignee

Unassigned

Reporter

Beejal Nagar

Reference

None

Service Desk Reference

OBSD-9821

ASPSP

Query Type

None

TPP Impact

Medium

Business Impact Severity

None

Share

Yes