Given that refresh tokens must be supported, and the /token endpoint must accept them, should refresh_token also be included in the permitted options for the grant_type claim, as specified in Client Authentication? https://consumerdatastandardsaustralia.github.io/infosec/#client-authentication currently says it must be "authorisation_code or client_credentials".
Given that refresh tokens must be supported, and the
/token
endpoint must accept them, shouldrefresh_token
also be included in the permitted options for thegrant_type
claim, as specified inClient Authentication
? https://consumerdatastandardsaustralia.github.io/infosec/#client-authentication currently says it must be "authorisation_code or client_credentials".