> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-fix-docs-5528-php-updates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Multi-Resource Refresh Token

> Learn about Multi-resource refresh token

<Warning>
  Multi-Resource Refresh Token is currently in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal). To learn more about Auth0's product release cycle, read [Product Release Stages](https://auth0.com/docs/troubleshoot/product-lifecycle/product-release-stages).
</Warning>

Multi-Resource <Tooltip data-tooltip-id="react-containers-DefinitionTooltip-1" href="/docs/ja-jp/glossary?term=refresh-token" tip="リフレッシュトークン: ユーザーに再度ログインを強いることなく、更新されたアクセストークンを取得するために使用されるトークン。" cta="用語集の表示">Refresh Tokens</Tooltip> (MRRT) allows a single [refresh token](/docs/ja-jp/secure/tokens/refresh-tokens) to receive [access tokens](/docs/ja-jp/secure/tokens/access-tokens) for multiple [APIs](/docs/ja-jp/get-started/apis), each with their own scopes and permissions. MRRT builds on standard [OAuth 2.0](/docs/ja-jp/authenticate/protocols/oauth) behavior by allowing refresh tokens to maintain multiple authorization policies.

When an application exchanges a refresh token for an <Tooltip data-tooltip-id="react-containers-DefinitionTooltip-1" href="/docs/ja-jp/glossary?term=access-token" tip="アクセストークン: APIへのアクセスに使用される、不透明な文字列またはJWT形式の認可資格情報。" cta="用語集の表示">access token</Tooltip>, it can select from a set of configured <Tooltip data-tooltip-id="react-containers-DefinitionTooltip-6" href="/docs/ja-jp/glossary?term=audience" tip="オーディエンス: 発行されたトークンに対するオーディエンスを表す一意の識別子。トークンでaudという名前が付けられ、その値にはIDトークンの場合はアプリケーション（Client ID）、アクセストークンの場合はAPI（API Identifier）のいずれかのIDが含まれます。" cta="用語集の表示">audience</Tooltip> and scopes. By doing so, MRRT streamlines authentication flows by avoiding the need to get a new refresh token for each API.
When using MRRT, Auth0 merges two sources of authorization to determine what access token to issue during a refresh token exchange:

1. The audience and scopes granted in the original authentication flow.
2. The audience and scopes configured in the application’s MRRT policy.

This allows applications to reuse the refresh token not only for APIs requested at login, but also for additional APIs allowed in the MRRT policy.

**The key benefits of MRRT include** :

* A single refresh token, per application, to manage when controlling access to multiple APIs.
* No need to go through a full <Tooltip data-tooltip-id="react-containers-DefinitionTooltip-1" href="/docs/ja-jp/glossary?term=authorization-flow" tip="認可フロー: OAuth 2.0フレームワークで指定されている認可付与（またはワークフロー）。" cta="用語集の表示">authorization flow</Tooltip> every time your application needs to access a new API.
* Performance improvement and reduced load on the <Tooltip data-tooltip-id="react-containers-DefinitionTooltip-5" href="/docs/ja-jp/glossary?term=authorization-server" tip="認可サーバー: ユーザーによるアクセスの限界を定義するために使用される集中管理型サーバー。たとえば、認可サーバーは、ユーザーが利用できるデータ、タスク、機能を制御できます。" cta="用語集の表示">authorization server</Tooltip>.
* Decrease risk of [rate limitation](/docs/ja-jp/troubleshoot/customer-support/operational-policies/rate-limit-policy) due to repeated full authorization code flows.

## How it works

<Frame>
  <img src="https://mintcdn.com/docs-dev-fix-docs-5528-php-updates/BPQny5Q2lnPFhDgT/docs/images/ja-jp/cdy7uua7fh8z/1V12Rzfm8mafMTaxlcEr25/a9ab2a335a835f0c2ae61eb1d767c9fa/Docs_Diagram_Toolkit_-_Carlos__1_.png?fit=max&auto=format&n=BPQny5Q2lnPFhDgT&q=85&s=2118c4cbcc8a3726af84fc1955ca43a9" alt="" width="1400" height="943" data-path="docs/images/ja-jp/cdy7uua7fh8z/1V12Rzfm8mafMTaxlcEr25/a9ab2a335a835f0c2ae61eb1d767c9fa/Docs_Diagram_Toolkit_-_Carlos__1_.png" />
</Frame>

1. Application authenticates with Auth0.

2. Auth0 returns an access token and a multi-resource refresh token.

3. Application uses the access token to call API 1.

4. Application exchanges the multi-resource refresh token for access to API 2.

5. Auth0 returns a new access token scoped to API 2.

6. Application calls API 2 using the new access token.

<Callout icon="file-lines" color="#0EA5E9" iconType="regular">
  For example,  A native application authenticates the user and requests access to `https://api.example.com` audience. Then, the application needs access to the `https://billing.example.com` audience. If both APIs are included in the application’s MRRT policy, the application can exchange a refresh token for an access token for either API.
</Callout>

Learn how to [Configure and Implement Multi-resource refresh token](/docs/ja-jp/secure/tokens/refresh-tokens/multi-resource-refresh-token/configure-and-implement-multi-resource-refresh-token).

## Limitations

* Each access token issued through MRRT is scoped to a single API. If your application requires access to multiple APIs, you must request separate access tokens for each API.
* MRRT supports only [first-party applications](https://auth0.com/docs/get-started/applications/first-party-and-third-party-applications#first-party-applications).
* MRRT supports APIs configured to [allow skipping user consent](https://auth0.com/docs/get-started/applications/third-party-applications/user-consent-and-third-party-applications#skip-consent-for-first-party-applications).
* The Auth0 <Tooltip data-tooltip-id="react-containers-DefinitionTooltip-0" href="/docs/ja-jp/glossary?term=management-api" tip="Management API: 顧客が管理タスクを実行できるようにするための製品。" cta="用語集の表示">Management API</Tooltip> can not be included in the MRRT policies.
