Refresh Tokens Comes Invalidated When Requested Using Authentication API

Problem Statement:

We want to obtain a new Access Token using Authentication API, but the response got rejected.

  • POST /oauth/token with:
    • Client ID
    • Client Secret
    • Grant type: refresh_token
    • Refresh token

Solution:

As Refresh Token Rotation only allows the use of a Refresh Token once, it gets invalidated after that and it can’t be used the second time.