Overview
Thetokens client provides four operations for managing grant tokens:
- Exchange an authorization code for a grant token
- Refresh a grant token using a refresh token
- Verify a grant token online via the Grantex API
- Revoke a grant token by its token ID (JTI)
client.tokens.
Exchange
Exchange an authorization code for a grant token after the user approves the consent request.ExchangeTokenParams
ExchangeTokenResponse
Exchange with PKCE
Refresh
Refresh a grant token using a refresh token. Returns a new grant token and a new refresh token (the old refresh token is invalidated). Thegrant_id stays the same.
Refresh tokens are single-use and rotated on every refresh per SPEC §7.4.
RefreshTokenParams
Response
Returns anExchangeTokenResponse — same shape as exchange(). See above for field descriptions.
Verify
Verify a grant token online via the Grantex API. This sends the token to the server for validation and returns the token’s metadata.VerifyTokenResponse
For local signature-and-claim verification without the online revocation
endpoint, use
verify_grant_token(). The
standalone helper still fetches the remote JWKS on every invocation.Revoke
Revoke a grant token by its token ID (JTI claim). The token is immediately invalidated and can no longer be used.Parameters
The method returns
None. A GrantexApiError is raised if the token does not exist or has already been revoked.