Does the Refresh Token need to be handled from FrontEnd or BackEnd side??
Do I need to call just once the /oauth/token endpoint? Or should be one for the grant_type=client_credentials and another one for grant_type=refresh_token?
Thanks
Hi @marmv90,
There are different types of refresh tokens. This docs explains it, generally.
Typically, the refresh token is going to be handled in whatever application requests it. For example, a React SPA can request a rotating refresh token that will be used to maintain the session between page refreshes, etc. A native app may request a long lived refresh token to keep a user’s session from expiring for a much longer period.
I would suggest using one of our SDKs, which handles most of these transactions for you. If you haven’t already, checkout our quickstarts.