This route handles token renewval (searching the granted permission's refresh token in the database) for all hosted servers and for application itself by responding with a new access token on success, or with a 403 Forbidden if logout succeeded (provided refresh token does not exist anymore and a new login is required), or if the refresh token is expired.
In order the refresh of the access token to succeed the server expects:
- a
POSTrequest without Authorization header, - both the access token and the refresh token in the
req.bodylike following:
{
"jwt": "the-access-token",
"refresh": "the-refresh-token"
}The server response will have the same format as the above but with a new access token.