Refresh Tokens with OIDC

With the OIDC-conformant pipeline, refresh tokens:

In addition, differences exist in the refresh token structure. To learn more, read Refresh Tokens.

Legacy (delegation)

POST /delegation
Content-Type: 'application/json'
  "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
  "client_id": "...",
  "refresh_token": "...",
  "scope": "openid profile"

Was this helpful?


OIDC-conformant (token endpoint)

POST /oauth/token
Content-Type: application/x-www-form-urlencoded

Was this helpful?


  • audience and client_secret parameters are optional.

  • client_secret is not needed when requesting a refresh_token for a public application.

Learn more