I have also checked these topics M2M Token renewal and Correct way to handle M2M token renewal?
But I can’t seem to find the answer I want.
Thanks in advance!
Before moving on, it’s good to understand the concept of a Machine to Machine Authentication. This grant is intended for non-interactive clients, where a machine is requesting a token to be used on behalf of itself (never on behalf of a user). If you are using this token on behalf of a user, you have chosen the incorrect grant.
As such, the machine should be able to understand when the token has expired, and just request another one, as the machine itself, considering it’s a secure space and the token is being requested from that secure space, contains all of the details in order to be able to request another one (including the secret).
Now, if you are intending to request a token on behalf of the user, you should be using a different grant, such as the Authorization Code Flow. In this flow, you get a code, that is then exchanged for a token server-side. You could also request a Refresh Token, and perform a Refresh operation. A full, detailed explanation of Refresh Tokens can be found here: What Are Refresh Tokens and How to Use Them Securely
Bear in mind that Refresh Tokens are long-lived, confidential information, and, as such, they should only be stored server-side. The refresh operation should also happen server-side, and not client-side at any point.
TL;DR: No, M2M tokens can not be refreshed. The machine should be able to refresh them by requesting a new one. Otherwise, you should be using a different grant.