Refresh Token in a different URL

[dccarmo]

So I'm currently working with an API that have a different endpoint for token refresh. How can I let Heimdallr know the refresh token URL (and maybe even allow the application to set parameters)?

[bckr]

Heimdallr does not support setting a different endpoint for the token refresh. To my knowledge it would be very unusual to define a separate endpoint just for refreshing the token. From the RFC:

The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly).

Out of curiosity: Is there a special reason why the API defines a separate endpoint for the refresh?

[dccarmo]

There isn't, actually. I talked to the back-end team and they admitted that their API wasn't following OAuth specs, so they updated and now everything is good. Sorry for not coming back to report this.

[bckr]

Cool! Glad it worked out for you 👍