This endpoint serves to refresh a token. When a client acquires an
access token from the /token
endpoint, it also receives a refresh token.
The purpose of this refresh token is twofold:
-
It allows the client to obtain a new access token without having to
re-enter their credentials and is used to obtain a new access and refresh
token pair. This ensures seamless continuation of user authentication. -
Refresh tokens can also be employed to acquire extra access tokens
for other resources.
The refresh token has a longer lifespan than the access token, and can
be used to obtain a new access token when the current one expires. Refresh
tokens cannot be used as access tokens.
Access and Refresh tokens should be treated as sensitive data and should
be stored securely.