Endpoint

POST /oauth/token

Use this endpoint to refresh an Access Token using the Refresh Token you got during authorization.

Headers

DPoP
string
A DPoP proof for the request. Optional; required only if your application uses Demonstrating Proof-of-Possession.

Body Parameters

grant_type
string
required
Specifies the flow being used. For refreshing an access token, this must be set to refresh_token. Allowed values: refresh_token
client_id
string
required
The Client ID of your application, which identifies the application making the request.
client_secret
string
The Client Secret of your application. Required when the Token Endpoint Authentication Method is set to Post or Basic.
refresh_token
string
required
The refresh token that was previously issued to the client. This token is used to obtain a new access token.
scope
string
A space-delimited list of requested scope permissions. If omitted, the original scopes will be used; otherwise, you can request a reduced set of scopes. Note that this must be URL encoded.

Response Schema

Response Messages

| Status | Description |
| --- | --- |
| 200 | Access token successfully refreshed. |
| 400 | Bad Request. The request is missing required parameters or is malformed. |
| 401 | Unauthorized. The client credentials are invalid or the refresh token is invalid. |
| 403 | Forbidden. The refresh token is invalid or has expired. |
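
The request described by the header and body parameters above, built but not sent, as an added example that is not part of the original documentation. The token URL host, the form-encoded `Content-Type`, and the function names `build_refresh_request` and `explain_status` are assumptions; the sample values are constructed.

```python
import urllib.parse

# Placeholder token URL (assumption): the page gives only the path /oauth/token.
TOKEN_URL = "https://tenant.example/oauth/token"

# Status descriptions copied from the Response Messages table on this page.
STATUS_MEANING = {
    200: "Access token successfully refreshed.",
    400: "Bad Request. The request is missing required parameters or is malformed.",
    401: "Unauthorized. The client credentials are invalid or the refresh token is invalid.",
    403: "Forbidden. The refresh token is invalid or has expired.",
}


def build_refresh_request(client_id, refresh_token, client_secret=None,
                          scopes=None, dpop_proof=None):
    """Return (headers, body) for POST /oauth/token; nothing is sent."""
    for name, value in (("client_id", client_id), ("refresh_token", refresh_token)):
        if not value:
            raise ValueError(f"{name} is required")
    fields = {
        "grant_type": "refresh_token",  # the only allowed value
        "client_id": client_id,
        "refresh_token": refresh_token,
    }
    if client_secret is not None:  # sent in the body for the Post method
        fields["client_secret"] = client_secret
    if scopes:  # omit to keep the original scopes
        fields["scope"] = " ".join(scopes)  # space-delimited list
    # urlencode percent-encodes each value, so "/", ":" and spaces are safe.
    body = urllib.parse.urlencode(fields).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}  # assumption
    if dpop_proof is not None:  # only for applications using DPoP
        headers["DPoP"] = dpop_proof
    return headers, body


def explain_status(status):
    """Map a response status code to the description listed on this page."""
    return STATUS_MEANING.get(status, f"Status {status} is not listed on this page.")


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    hdrs, data = build_refresh_request("abc123", "rt/sample", scopes=["openid", "read:messages"])
    print(TOKEN_URL, hdrs, data.decode(), sep="\n")
    print(explain_status(403))
```

The returned headers and body can be handed to any HTTP client as a POST to the token URL; keep the refresh token and client secret out of logs when doing so.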