/oauth/refresh
OAuth 2.0 refresh token endpoint. Uses refresh_token to obtain a new access_token and refresh_token (rotation). Returns flat JSON (no code/message envelope). Reference: RFC 6749 §6 (Refreshing an Access Token).
Accepts an empty JSON object {}
| Status | Description | Schema |
|---|---|---|
| 200 | Refreshed tokens (includes new access_token and refresh_token) | dto.OAuthTokenResponse |
| 400 | invalid_request: request parameters missing or invalid. Reference: RFC 6749 §5.2. | dto.OAuthErrorResponse |
| 401 | invalid_grant: refresh_token invalid or expired. Reference: RFC 6749 §5.2. | dto.OAuthErrorResponse |
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| actions | array of string | No | ["list_accounts", "read_balances"] | | Operation |
| constraints | object | No | | | Extension constraints |
| data_types | array of string | No | ["account_details", "balances"] | | Data type |
| identifier | string | No | account-12345 | | Identifier |
| locations | array of string | No | ["https://example.com/accounts"] | | Location |
| type | string | No | account_information | | Grant type |
OAuth standard error response
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| error | string | No | invalid_request | | Error code |
| error_description | string | No | Missing required parameter | | Error description |
| error_uri | string | No | https://docs.example.com/errors | | Error URI |
| state | string | No | state-123 | | Status |
OAuth token response
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| access_token | string | No | eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... | | Access token |
| authorization_details | array of | No | | | RAR authorization details |
| dpop_access_token_bound | boolean | No | | | Access token DPoP binding confirmation (RFC 9449) |
| dpop_signing_alg | string | No | | | DPoP signing algorithm (RFC 9449) |
| expires_in | integer | No | 3600 | | Expires in seconds |
| id_token | string | No | eyJhbGci... | | OIDC ID token |
| refresh_token | string | No | rt_abc123 | | Refresh token |
| scope | string | No | openid profile email | | Scope |
| token_type | string | No | Bearer | | Token type |
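
Client-side handling of the three documented responses, as an added example (not the project's own code): a rotated pair replaces the stored one on 200, and a 401 invalid_grant clears the store so the rejected refresh token is never sent again. `TokenStore` and `ApplyRefreshResult` are hypothetical names, and the sample token values are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Field names come from the response tables on this page; the body is flat JSON.
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
}
type ErrorResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}
type TokenStore struct{ Access, Refresh string } // hypothetical in-memory token holder
var ErrReauthRequired = errors.New("refresh token rejected: re-authentication required")

// ApplyRefreshResult (hypothetical helper) updates store from one /oauth/refresh response.
func ApplyRefreshResult(status int, body []byte, store *TokenStore) error {
	if status == 200 {
		var tr TokenResponse
		if err := json.Unmarshal(body, &tr); err != nil {
			return fmt.Errorf("malformed token response: %w", err)
		}
		// Rotation: a 200 must carry the new pair; reject it rather than store half of one.
		if tr.AccessToken == "" || tr.RefreshToken == "" {
			return errors.New("200 response missing access_token or refresh_token")
		}
		store.Access, store.Refresh = tr.AccessToken, tr.RefreshToken
		return nil
	}
	var er ErrorResponse
	if err := json.Unmarshal(body, &er); err != nil || er.Error == "" {
		return fmt.Errorf("status %d without an OAuth error body", status)
	}
	if status == 401 && er.Error == "invalid_grant" {
		*store = TokenStore{} // drop both tokens so the rejected one is not replayed
		return ErrReauthRequired
	}
	return fmt.Errorf("refresh failed (%d): %s: %s", status, er.Error, er.ErrorDescription)
}

func main() {
	s := &TokenStore{Refresh: "rt_old"} // constructed sample values
	fmt.Println(ApplyRefreshResult(401, []byte(`{"error":"invalid_grant"}`), s))
}
```

A 400 invalid_request leaves the stored pair untouched, since it reports a malformed request rather than a rejected token.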