Hi all
I know that in theory (or practice) when an access token is expired I need to use the refresh token to get a new one
and this is done using the refresh_token
grant type in the request to the token endpoint.
However, I noticed that in our code (that was written before my time) when the expiration time of an access token is expired we don’t use the refresh token - we send to the token endpoint a new request with grant type client_credentials
and in the response, we get a new access token (and no refresh token)
here is a screenshot of the request and response (from Postman):
so, my question is: why do we need the refresh token in the first place if we can just request a new access token with the client_credentials grant type ?
thanks