https://${realm.url}/oauth/${realm.name}/.well-known/openid-configurationPOST /token_endpoint HTTP/1.1Host: oauth.serverContent-Type: application/x-www-form-urlencodedgrant_type=refresh_token&refresh_token=A_REFRESH_TOKEN&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET
| Parameter | Required | Description |
|---|---|---|
| grant_type | Yes | The value must be refresh_token |
| refresh_token | Yes | the refresh_token received during authentication |
| client_id | No | Only required if the client authenticates through client_secret_post or does not authenticate (for native clients) |
| client_secret | No | Only required if the client authenticates through client_secret_post |
| client_assertion | No | Only required if the client authenticated through client_secret_jwt or private_key_jwt |
| client_assertion_type | No | Only required if a clientassertion is used. The value must be _urn:ietf:params:oauth:client-assertion-type:jwt-bearer |
| resource | No | The URI of a resource which has been declared in the Realm |
HTTP/1.1 400 Bad RequestContent-Type: application/jsonCache-Control: no-storePragma: no-cache{"error": "AN_ERROR_CODE","error_description": "AN_ERROR_DESCRIPTION"}
HTTP/1.1 200 OKContent-Type: application/jsonCache-Control: no-storePragma: no-cache{"access_token": "AN_ACCESS_TOKEN_VALUE","id_token" : "AN_ID_TOKEN","token_type": "Bearer","expires_in": 3600,"refresh_token" : "A_NEW_REFRESH_TOKEN"}