refreshHeaders property

Headers applied to requests sent to refreshUrl.

Behavior

• Merged headers. These headers are merged with global HTTP headers from HttpConfig.headers (configured via Config.http) when the refresh request is made.
• Content-Type is fixed. The SDK always sends refresh requests as application/x-www-form-urlencoded. You cannot override Content-Type for the refresh request.
• Template variables.
  • {accessToken} — replaced at runtime with the current accessToken value (useful for chaining auth where the refresh endpoint also requires the existing token).

Defaults

If you do not supply refreshHeaders, the SDK applies:

{ "Authorization": "Bearer {accessToken}" }

Disabling extra headers

If you want no additional headers on the refresh request, set:

refreshHeaders: const {}

and ensure you haven't configured conflicting global HttpConfig.headers that you don't want merged.

Examples

Custom Authorization header:

BackgroundGeolocation.ready(Config(
  http: HttpConfig(
    headers: { "X-App-Version": "1.2.3" } // merged into refresh request as well
  ),
  authorization: Authorization(
    accessToken: "XXX.YYY.ZZZ",
    refreshUrl: "https://auth.domain.com/tokens",
    refreshToken: "REFRESH_TOKEN",
    refreshHeaders: {
      "Authorization": "Bearer {accessToken}",
      "X-Tenant": "acme"
    }
  )
));

No extra headers on refresh:

authorization: Authorization(
  refreshUrl: "https://auth.domain.com/tokens",
  refreshToken: "REFRESH_TOKEN",
  refreshHeaders: const {} // prevents default Authorization header
)