Commit e5ec447

mo <mo@mokhan.ca>
2018-10-28 21:28:39
refresh token documentation
1 parent 1d6b449
app/controllers/oauth/tokens_controller.rb
@@ -2,7 +2,7 @@
 
 module Oauth
   class TokensController < ApplicationController
-    protect_from_forgery with: :null_session
+    skip_before_action :verify_authenticity_token
 
     def create
       response.headers['Cache-Control'] = 'no-store'
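Review bot: Replacing `protect_from_forgery with: :null_session` with `skip_before_action :verify_authenticity_token` drops the session-nulling behaviour along with the token check, so `create` now runs with whatever session cookie the caller sent. The regenerated examples in this commit gain a `Set-Cookie: _proof=...` header on the token responses, which is consistent with the endpoint now issuing a browser session. A token endpoint authenticated through the `Authorization` header should neither read nor issue a session, so either keep `null_session` or add a comment above the skip, such as `# client is authenticated via HTTP Basic only; the session is never consulted here`, and make the controller sessionless. The body of `create` continues outside the hunk, so whether it touches `session` cannot be confirmed from here.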
doc/_includes/get-well-known-oauth-authorization-server.html
@@ -34,7 +34,7 @@ Referrer-Policy: strict-origin-when-cross-origin
 Content-Type: application/json; charset=utf-8
 Etag: W/"7f1eee6ebfc3008c58d630548ed1707c"
 Cache-Control: max-age=0, private, must-revalidate
-X-Request-Id: a0b599d8-db1f-4674-9b3c-c029b7dd6e3d
+X-Request-Id: 90ffb2db-d3dd-4b4f-a88d-d66aed613527
 Transfer-Encoding: chunked
 ```
 
doc/_includes/oauth-tokens-authorization-code.html
@@ -6,11 +6,11 @@ Example curl request:
 ```bash
 $ curl http://localhost:5000/oauth/tokens \
   -X POST \
-  -d '{"grant_type":"authorization_code","code":"LjaokKL42vfDj1q6XR2GthZF"}' \
+  -d '{"grant_type":"authorization_code","code":"kDGDYwec5Kcax9YP8BvfT2ey"}' \
   -H "Accept: application/json" \
   -H "Content-Type: application/json" \
   -H "User-Agent: net/hippie 0.1.9" \
-  -H "Authorization: Basic MDViMTg3NjItYmYzYi00YjVmLWExYjEtNzlhMWFhNGM0NmVhOmpVbm11dlMyNlgyVUZYUGdpbmNzR25jYQ==" \
+  -H "Authorization: Basic NTcyNDY1MDItMTI2OC00NTcxLTljMmEtZjE0MDAyOWIwOTk3OkFmTHBiNjhUSnZUeFJqeVpOcVdFbjIxVg==" \
   -H "Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3"
 ```
 Request Headers:
@@ -19,7 +19,7 @@ Request Headers:
 Accept: application/json
 Content-Type: application/json
 User-Agent: net/hippie 0.1.9
-Authorization: Basic MDViMTg3NjItYmYzYi00YjVmLWExYjEtNzlhMWFhNGM0NmVhOmpVbm11dlMyNlgyVUZYUGdpbmNzR25jYQ==
+Authorization: Basic NTcyNDY1MDItMTI2OC00NTcxLTljMmEtZjE0MDAyOWIwOTk3OkFmTHBiNjhUSnZUeFJqeVpOcVdFbjIxVg==
 Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
 ```
 
@@ -28,7 +28,7 @@ Request Body:
 ```json
 {
   "grant_type": "authorization_code",
-  "code": "LjaokKL42vfDj1q6XR2GthZF"
+  "code": "kDGDYwec5Kcax9YP8BvfT2ey"
 }
 ```
 
@@ -44,8 +44,9 @@ Referrer-Policy: strict-origin-when-cross-origin
 Cache-Control: private, no-store
 Pragma: no-cache
 Content-Type: application/json; charset=utf-8
-Etag: W/"e4cfba55350ff91e553441ad574ab54c"
-X-Request-Id: a126b4e0-e660-48d4-b2e5-9650e20c60c7
+Etag: W/"e3141af22dad223d2e19f8393f095b30"
+Set-Cookie: _proof=10aa8b09f99ab68b49b18c784ce1ce3a; path=/; HttpOnly
+X-Request-Id: d91ea209-47bb-489a-9964-ec5ed34207c9
 Transfer-Encoding: chunked
 ```
 
@@ -53,10 +54,10 @@ Transfer-Encoding: chunked
 Response Body:
 ```json
 {
-  "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA3NjQ5MjEsImlhdCI6MTU0MDc2MTMyMSwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjEzMjEsImF1ZCI6IjA1YjE4NzYyLWJmM2ItNGI1Zi1hMWIxLTc5YTFhYTRjNDZlYSIsImp0aSI6ImYwYWUyOTM0LTBjNjgtNDc4Yy05YWFjLTIwMGY4Yzk5ODA2NCIsInN1YiI6IjZiYmNkYjI2LTBjYzItNGM4NS1hMjZmLTMzZGY0NzIwNjllMSIsInRva2VuX3R5cGUiOiJhY2Nlc3MifQ.bxF3_HhvG8MLVCPDe2c9Kg0vbCweirSHvWbV8Yy044NhlkWFayh7quwzMrpFYGBcAhHgXTIYsygHSGPiJBBpnJL4nHRmDjuwmF-VB0C1GTmnPcPltbTGPW8FkFeTo50TTr_G7-eWJ0uGrbyJn9vLG8jlVgdW2eG-_Amidei9mz9Z4ns62v1-IDHn7tVRzU60PHbu2kRTRShinUunDZw6-yM6cqoj_sXfSmofBwAfp-d4UVhbEUNGeMyhYJrbLdSB-8YI_Xvjs7xwE1BCxrUR0JJ10ltPjnXMTOkhKEDYuXvbHZ_wYVqc4skVRBVayeC3KX1tF2r941AhbMdr8WBGLg",
+  "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA3NjU2ODUsImlhdCI6MTU0MDc2MjA4NSwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjIwODUsImF1ZCI6IjU3MjQ2NTAyLTEyNjgtNDU3MS05YzJhLWYxNDAwMjliMDk5NyIsImp0aSI6ImEyZmEyMTAxLWE0MDMtNDNiNC1iMzE4LTJhMzZhYjU0MDFmNiIsInN1YiI6IjFiYWRkYmIwLTE3NTEtNGE3MS1iZDEyLTBhYmUxZjlhN2MyZiIsInRva2VuX3R5cGUiOiJhY2Nlc3MifQ.iL3y9GMl1SWS-FN_sydZ3-wcr6_A-DQ9S2zwSoMI4UzTuOrQU3d8m6i16gGic2OIXwh69vcXHq42qlUv1m36VXnKQbAUigN4uvIrH3gyYSbo2khmz_cKIgwpGrqgfgzdHak1ZFy3-E2ZCC2tGvw01iev70NnRqtnumpR3YmZEHs21o_s_rMYWV5j66uQDXvblW2x6VPKTDeC14kHvuHJ47vP7f0SSppmGZ0zsmnW2Nja7NkkQkl5DZUWz6KRmn5JqjNHq_TZhKzNRIuPDfILZD87UMwzqswy0E15Y8vY4hmIp18jvyIUU_hJyk5W3tGWv-CYYWr-CSHUSqfxxZtyYg",
   "token_type": "Bearer",
   "expires_in": 3600,
-  "refresh_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA4NDc3MjEsImlhdCI6MTU0MDc2MTMyMSwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjEzMjEsImF1ZCI6IjA1YjE4NzYyLWJmM2ItNGI1Zi1hMWIxLTc5YTFhYTRjNDZlYSIsImp0aSI6IjM1MzM1MzI2LTYzZWYtNDgzNC05Y2QwLTA1MDZkYTYyMGQ2NSIsInN1YiI6IjZiYmNkYjI2LTBjYzItNGM4NS1hMjZmLTMzZGY0NzIwNjllMSIsInRva2VuX3R5cGUiOiJyZWZyZXNoIn0.qqEqm_luiIynAWVnhIAyiODA7nu4IUcPsyvU7jJijVV7MmUwfykk9ehkUQyz9PuGaWaQwRcyY5apiRpzuNwKLJDlbaGTX_VkAtaIsHwP45efy3UcmiuDb-nbjGuWvDLDkGz88TOWgZbOckpvyDOQnP2qeNDMqeUo6fywn9zwsYW0hs3w6YoXwZShhLHAFl0VDu5flq0su5hGDO-vldNpTOaDWFBl5hnXbBf-cf32ag5eMVByUOZ8-WOLZV75PvZWBzarrYYlKQLAI-HTpQOjtcxvISFw3uhgCfqgQ7owP0up5Q8lW7Exh2chB76LXGICyq51IRMx7kkkY5Nc7GdJFw"
+  "refresh_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA4NDg0ODUsImlhdCI6MTU0MDc2MjA4NSwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjIwODUsImF1ZCI6IjU3MjQ2NTAyLTEyNjgtNDU3MS05YzJhLWYxNDAwMjliMDk5NyIsImp0aSI6ImRlNmE0N2NhLWYwZDEtNGE1ZS1hYmUxLTU4YTcyYzJlYjgyYiIsInN1YiI6IjFiYWRkYmIwLTE3NTEtNGE3MS1iZDEyLTBhYmUxZjlhN2MyZiIsInRva2VuX3R5cGUiOiJyZWZyZXNoIn0.HWTcdDSYzQnjqVSSYlnA-MsNYx_w_L8d9pAoPlbYVKKjdbZbf9DD0dvSI9SSfpQb05wRBRuv4e5ihEmO-WXxk8qJDIYCC7FDRFJILE9QFQBTgeCp8uCBZzr-E-EfFwxjAi3JZvW4IXErWpklBFf0puceDTAf-Q1lHTCmAjSUOH2_8j4mnS8iHz5Ono1xMwycOeW4b3tLXLMFVRRB_Jezhc5MCbXYftiXQqRYmUDBACzPqGAzzmwbrO3wgKiHoeYzTr3CkeAI-LLKDtqzYN0DqLh5Tahff8fMJXwoWCjyJHKKgWBxn10YmY5iTiKfSa_TrvIAP4qwDUJWknuNouIz0A"
 }
 ```
 
doc/_includes/oauth-tokens-client-credentials.html
@@ -10,7 +10,7 @@ $ curl http://localhost:5000/oauth/tokens \
   -H "Accept: application/json" \
   -H "Content-Type: application/json" \
   -H "User-Agent: net/hippie 0.1.9" \
-  -H "Authorization: Basic OGVkMzljOTYtNzk0MS00YWQyLWI0MzUtNDdlNTYwNGU5YWMxOllBZXlGVzZESEN1OFlRU2hjS0Z3V1gzcQ==" \
+  -H "Authorization: Basic OWVmYTNiZDYtZTFlNy00ZWJhLThlNzgtM2ZmZjg3ODc0NjFkOkF1eUtUZTNucEU0UWVRWGE2R3pSNjkyZA==" \
   -H "Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3"
 ```
 Request Headers:
@@ -19,7 +19,7 @@ Request Headers:
 Accept: application/json
 Content-Type: application/json
 User-Agent: net/hippie 0.1.9
-Authorization: Basic OGVkMzljOTYtNzk0MS00YWQyLWI0MzUtNDdlNTYwNGU5YWMxOllBZXlGVzZESEN1OFlRU2hjS0Z3V1gzcQ==
+Authorization: Basic OWVmYTNiZDYtZTFlNy00ZWJhLThlNzgtM2ZmZjg3ODc0NjFkOkF1eUtUZTNucEU0UWVRWGE2R3pSNjkyZA==
 Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
 ```
 
@@ -43,8 +43,9 @@ Referrer-Policy: strict-origin-when-cross-origin
 Cache-Control: private, no-store
 Pragma: no-cache
 Content-Type: application/json; charset=utf-8
-Etag: W/"741de2d275c50f8edb7b319c01c600dc"
-X-Request-Id: 411d96b6-5388-4743-bb9f-eb009c8818c7
+Etag: W/"26f62103d1188c6cd4e55c26413ce241"
+Set-Cookie: _proof=c1d643d5c6a4c51f8a0ea951a32b61ea; path=/; HttpOnly
+X-Request-Id: 97b74acd-a09f-4e6b-9d56-f4a333ff9eaa
 Transfer-Encoding: chunked
 ```
 
@@ -52,7 +53,7 @@ Transfer-Encoding: chunked
 Response Body:
 ```json
 {
-  "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA3NjQ5MjIsImlhdCI6MTU0MDc2MTMyMiwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjEzMjIsImF1ZCI6IjhlZDM5Yzk2LTc5NDEtNGFkMi1iNDM1LTQ3ZTU2MDRlOWFjMSIsImp0aSI6ImVmMjExMmZhLTgxNzctNDZlMi05ZDhkLWRhMGY5YmIzYzBhNCIsInN1YiI6IjhlZDM5Yzk2LTc5NDEtNGFkMi1iNDM1LTQ3ZTU2MDRlOWFjMSIsInRva2VuX3R5cGUiOiJhY2Nlc3MifQ.KeNZMVSr0iIJLBzwf1Q653UJTSO9RuvZ8RutZVtZPqEgt9N3MZJzFleHc88FblN1Wv7sIfTtaCInc666tRivNa2bBaS4W7y-3L4pVFmsvFczeARYOhWdRMHCGk9BvQwFjfpKLjGmu17GascqSEGAnCRPbhUbHmhBoqsCbW-iQ1A5MOusDmXSQ53GNx1gamdQkcDrVJZveFXQpW5FQcEkpFgzMxTzgUmxQNowNbNWauRfQRkROZKkabuME8sQrBGFZ0bl7rVS_MyV1Ptmdg_FhpQ7ctWTLhm0WC6ZDNB1pidrXsePjxj8ZFzP5uniu47qg5_3Mbju-NGakwTphvaldA",
+  "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA3NjU2ODUsImlhdCI6MTU0MDc2MjA4NSwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjIwODUsImF1ZCI6IjllZmEzYmQ2LWUxZTctNGViYS04ZTc4LTNmZmY4Nzg3NDYxZCIsImp0aSI6ImI3YzFhMzAxLWE3NTctNDk2Yi05OGQyLTU5NjA4NzUzNDhiZCIsInN1YiI6IjllZmEzYmQ2LWUxZTctNGViYS04ZTc4LTNmZmY4Nzg3NDYxZCIsInRva2VuX3R5cGUiOiJhY2Nlc3MifQ.U8b6M84qfjrlYgB_3tIgFChTq27c9OIjhZuTYDDCx96n5It8QIOfls1QtRIzVK-RgavtanGMzhl1V3hWmbzgRUnr0Rz-I7zztSWICFGgMJb0O_BQO1T1q1cegy0ZEKCLL6Qa359pmcFTmBuaIWJ36U7ChQy1mYdKKbSM8fJPjjThlX-pGUF-NZNI4Z3VimeZCpbgUOXdTmTrNWMfOV5bVw5CM8Uwm6EBxvh1F0LbjYUKbtw-DyfE9duudVGrR_pJ9HxBx9mHrppTURKQKguTFlkVoj8zKEgJ2oTk51JREMofR8AUamG_9bjg8sL16gUBG6kYfRz5GQqRmhGpBfxlVg",
   "token_type": "Bearer",
   "expires_in": 3600
 }
doc/_includes/oauth-tokens-password.html
@@ -6,11 +6,11 @@ Example curl request:
 ```bash
 $ curl http://localhost:5000/oauth/tokens \
   -X POST \
-  -d '{"grant_type":"password","username":"sheila_torphy@bechtelar.co.uk","password":"OxlUzuoUOrgV5v"}' \
+  -d '{"grant_type":"password","username":"odette@oconnellarmstrong.name","password":"BWW06lYVmM0Nnyw"}' \
   -H "Accept: application/json" \
   -H "Content-Type: application/json" \
   -H "User-Agent: net/hippie 0.1.9" \
-  -H "Authorization: Basic MzYzZTczNTUtOTM2NC00Yzg0LTgwMWYtMDU5YjFmZjIwM2I4OnZnY0NyaFJ2bW40WTNUYWVUeWQ1bWlWUQ==" \
+  -H "Authorization: Basic NDRjNjllMTEtOTI4Ni00MDExLThmMzQtYzA2MDNiZDFmMmJhOnpqaTE5eG5RWlVvSkJvRlpSdHNrb2luNQ==" \
   -H "Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3"
 ```
 Request Headers:
@@ -19,7 +19,7 @@ Request Headers:
 Accept: application/json
 Content-Type: application/json
 User-Agent: net/hippie 0.1.9
-Authorization: Basic MzYzZTczNTUtOTM2NC00Yzg0LTgwMWYtMDU5YjFmZjIwM2I4OnZnY0NyaFJ2bW40WTNUYWVUeWQ1bWlWUQ==
+Authorization: Basic NDRjNjllMTEtOTI4Ni00MDExLThmMzQtYzA2MDNiZDFmMmJhOnpqaTE5eG5RWlVvSkJvRlpSdHNrb2luNQ==
 Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
 ```
 
@@ -28,8 +28,8 @@ Request Body:
 ```json
 {
   "grant_type": "password",
-  "username": "sheila_torphy@bechtelar.co.uk",
-  "password": "OxlUzuoUOrgV5v"
+  "username": "odette@oconnellarmstrong.name",
+  "password": "BWW06lYVmM0Nnyw"
 }
 ```
 
@@ -45,8 +45,9 @@ Referrer-Policy: strict-origin-when-cross-origin
 Cache-Control: private, no-store
 Pragma: no-cache
 Content-Type: application/json; charset=utf-8
-Etag: W/"2d39b47999b54df9600f05e81426bcf7"
-X-Request-Id: da983f60-ab3c-4d88-823b-cf692e974d3f
+Etag: W/"0c890d3506fb37150a2369c1b00f00a5"
+Set-Cookie: _proof=53ff34b48c7595629b3cd79931667c34; path=/; HttpOnly
+X-Request-Id: 48436dea-3a50-4dfd-992b-adb697302a4b
 Transfer-Encoding: chunked
 ```
 
@@ -54,10 +55,10 @@ Transfer-Encoding: chunked
 Response Body:
 ```json
 {
-  "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA3NjQ5MjIsImlhdCI6MTU0MDc2MTMyMiwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjEzMjIsImF1ZCI6IjM2M2U3MzU1LTkzNjQtNGM4NC04MDFmLTA1OWIxZmYyMDNiOCIsImp0aSI6ImI0NDQ1M2UwLTNlM2YtNGU0OS05ZDc2LTNjOWE1MTMzNWNlNyIsInN1YiI6ImVkZTJjMzZlLTcwM2QtNDJkMC04MGIzLTNlYzk0ZmMzZDBiMCIsInRva2VuX3R5cGUiOiJhY2Nlc3MifQ.qqJIgRYh73b0jhLZFEwD-jKfQ5EogHeS6w9g-MYgCbw_l4FeK_fK279hycXzkqU5vu4273I9SFXfz_ftpRiL4xXmlxDusZ6lo_ukYJv_8Uj_nY-tz3fvDvs4uLIAnaSr4GVSX7VjgQMuLJoLplEH-iDPi-VE8HH3KtAhWHF1ddWoLfJbYbmg_-lu-9CmDp-BqD9veDELzpq5OC-D38YHXY7C7xjW3wry8CV37potqkog0xowrFkaqNc9UPZfsJCg_V9GoXN3l59QHv1qgoWItin6TkyhGAc8MgIXTiJeMrMm19YYhNFlUuy67vV5yEOXOzLD6y5-LvcdoR6SOnFkvg",
+  "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA3NjU2ODUsImlhdCI6MTU0MDc2MjA4NSwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjIwODUsImF1ZCI6IjQ0YzY5ZTExLTkyODYtNDAxMS04ZjM0LWMwNjAzYmQxZjJiYSIsImp0aSI6IjUxYjkyNTE4LWE4MTUtNGQ0Ni1hMjVkLWQzY2Y3NDM5ODNiZCIsInN1YiI6ImJjMTYxODEyLWJiYTItNDc1Ni05MjEyLTA3MjZjNWY3ZDMxNyIsInRva2VuX3R5cGUiOiJhY2Nlc3MifQ.ifScI9Sz25Kn87yEAEG3BBLiPEGtxHoQlw3Ik561hybviQDC9pCvYwVQZM9Cg28ZzGVYc_YfCpc9CwlMfFoEUt-o0Oz92blMIYogNUv8_4FOvqNwuu7nwnu1rcolxfMALlF1BHVilQakBRjFJouCiFAPgUHzu4m1oYn2-_AKcgtWUxqxZWPf55SKrjTyo5m2ho83TTJNDVp_wxxiqdP_yZAzC8I4lmJO1sSDJ0ybul5GZ0o_33JGRUiC0eqARjRVd3vzmQNVeL--a3CEjHM2KPcYnDvU3VrPp-sPOb055bDVB__BNu_q3wGyNn7Ub9vhVgjWXmOylmPVbc0IneqLXg",
   "token_type": "Bearer",
   "expires_in": 3600,
-  "refresh_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA4NDc3MjIsImlhdCI6MTU0MDc2MTMyMiwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjEzMjIsImF1ZCI6IjM2M2U3MzU1LTkzNjQtNGM4NC04MDFmLTA1OWIxZmYyMDNiOCIsImp0aSI6Ijc4NTBhNWIxLWM0NGYtNDUyZi1iMTIyLTUyODc0MzRhZDgyZSIsInN1YiI6ImVkZTJjMzZlLTcwM2QtNDJkMC04MGIzLTNlYzk0ZmMzZDBiMCIsInRva2VuX3R5cGUiOiJyZWZyZXNoIn0.VsswVZMFJzL-WmwDerdKunYQquFu4jdIVtDdBA04D6Byqt5mjz1ccsxgevWAQNvmyEvCre55hX_vKSmdvgkxoIBbDCAYhsnaePunUU299Zqw7Fi5SCze0vVRZnJpHst9wzkWQby8VPRyVkOBOftpAV7wmawHXKPmpGuuTl5Vsf_g1Sc8imPFnPec-5PZwbia0fclcSrJ0kwNyzu7_ZEEmdANS1gZJMGiTD1BOgw0uzuX02RJIXzWx3VJpsHF2SqHXfxD5oIIXN6dT65ULbthe5_VxUhVs3_ibbQLund-kEaniHsarPsDV6hqDVdBdn-dOgZcf6RnpBCviw9bKm4lFg"
+  "refresh_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA4NDg0ODUsImlhdCI6MTU0MDc2MjA4NSwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3QvbWV0YWRhdGEiLCJuYmYiOjE1NDA3NjIwODUsImF1ZCI6IjQ0YzY5ZTExLTkyODYtNDAxMS04ZjM0LWMwNjAzYmQxZjJiYSIsImp0aSI6IjAwNTVlZTFjLTVmYjktNDhjYS05OGMzLWZiNTNlMDhkN2U1MiIsInN1YiI6ImJjMTYxODEyLWJiYTItNDc1Ni05MjEyLTA3MjZjNWY3ZDMxNyIsInRva2VuX3R5cGUiOiJyZWZyZXNoIn0.fMwFZyZASvcdCWxZJCLaT348FmL7qjPld0FHnS0HQP4jlh-dlsXqAlv50wU8Aha1aLXqnMSNLOS_-PK_IArUjyXT_HWR1qI5aEBh3oGe_fS8t9WhIHXDKSuqdiD3Kj7QyPYEAYb2PgJNKxYSxjScTWqFqBBzlSjyNh5Za9INXOQruzhbrvzsWq0E-iPnN5bdaCniSkSAnlkaBabS8rTFgWPEr5UFW2O-LGtCLnJMu9zAjnI5ayMnrKENWCp9D-257lMoaocuMakistTsOttSY0mIaNp2ttQZDs7lEYjj1UJYE3-P6SBVkLaOTnZVYPs5yglrLGmg21J5J1zeZUtfHg"
 }
 ```
 
doc/_includes/oauth-tokens-refresh-token.html
@@ -0,0 +1,60 @@
+
+#### POST http://localhost:5000/oauth/tokens
+
+Example curl request:
+
+```bash
+$ curl http://localhost:5000/oauth/tokens \
+  -X POST \
+  -d '{"grant_type":"refresh_token","refresh_token":"eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA3NjU2ODUsImlhdCI6MTU0MDc2MjA4NSwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3Q6NTAwMC9tZXRhZGF0YSIsIm5iZiI6MTU0MDc2MjA4NSwiYXVkIjoiZmUyZjU0NzEtM2U4Ny00MDFmLThlN2ItNmMzZjBiNzVlMGU5IiwianRpIjoiMDY0YjZlZjgtNmM5NC00N2RlLThiOWMtYzhjNTE1Njk4NTEzIiwic3ViIjoiNWMyZDNiNmEtZmZhZC00ZTBiLWJmYmYtZGRkZThhOWIwNWE2IiwidG9rZW5fdHlwZSI6InJlZnJlc2gifQ.lhEstYYI7U_71EXFv6FP5x1RsdmGcAVr-IG_oo4kIG-pTJuhWjYOaFpHKytgkPTsl91_yjM62XDNDBEFmuoypL20TN1m3WjK9XUwfUW__Bu9lfN5TNoQw8pIla31PeVjjvwYDQCkCq73z6nL5Q6zkwfUpJPrrhWq4DvRRSo35E813vnpUBD0YGZkSNYmVpiRl7v-_mNxsLgV5OQuqJOCl6XCBt9gFmm9-QBj77LPQakgHaPH78dOqqeZMZmNmj_vrcRJ0nnpP5sUXux1kqeR7AecPcoBOtLFYJt8u76zhAByXWE1kdeKSROdxxjr-BIDpV6GLW2RC_J_SwMMSwdCqg"}' \
+  -H "Accept: application/json" \
+  -H "Content-Type: application/json" \
+  -H "User-Agent: net/hippie 0.1.9" \
+  -H "Authorization: Basic ZmUyZjU0NzEtM2U4Ny00MDFmLThlN2ItNmMzZjBiNzVlMGU5Ok14cjM3OGtuMlVMUDZGdk5KNGhWQnBXWA==" \
+  -H "Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3"
+```
+Request Headers:
+
+```text
+Accept: application/json
+Content-Type: application/json
+User-Agent: net/hippie 0.1.9
+Authorization: Basic ZmUyZjU0NzEtM2U4Ny00MDFmLThlN2ItNmMzZjBiNzVlMGU5Ok14cjM3OGtuMlVMUDZGdk5KNGhWQnBXWA==
+Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+```
+
+
+Request Body:
+```json
+{
+  "grant_type": "refresh_token",
+  "refresh_token": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NDA3NjU2ODUsImlhdCI6MTU0MDc2MjA4NSwiaXNzIjoiaHR0cDovL3Byb29mLnRlc3Q6NTAwMC9tZXRhZGF0YSIsIm5iZiI6MTU0MDc2MjA4NSwiYXVkIjoiZmUyZjU0NzEtM2U4Ny00MDFmLThlN2ItNmMzZjBiNzVlMGU5IiwianRpIjoiMDY0YjZlZjgtNmM5NC00N2RlLThiOWMtYzhjNTE1Njk4NTEzIiwic3ViIjoiNWMyZDNiNmEtZmZhZC00ZTBiLWJmYmYtZGRkZThhOWIwNWE2IiwidG9rZW5fdHlwZSI6InJlZnJlc2gifQ.lhEstYYI7U_71EXFv6FP5x1RsdmGcAVr-IG_oo4kIG-pTJuhWjYOaFpHKytgkPTsl91_yjM62XDNDBEFmuoypL20TN1m3WjK9XUwfUW__Bu9lfN5TNoQw8pIla31PeVjjvwYDQCkCq73z6nL5Q6zkwfUpJPrrhWq4DvRRSo35E813vnpUBD0YGZkSNYmVpiRl7v-_mNxsLgV5OQuqJOCl6XCBt9gFmm9-QBj77LPQakgHaPH78dOqqeZMZmNmj_vrcRJ0nnpP5sUXux1kqeR7AecPcoBOtLFYJt8u76zhAByXWE1kdeKSROdxxjr-BIDpV6GLW2RC_J_SwMMSwdCqg"
+}
+```
+
+Response Headers:
+
+```text
+X-Frame-Options: SAMEORIGIN
+X-Xss-Protection: 1; mode=block
+X-Content-Type-Options: nosniff
+X-Download-Options: noopen
+X-Permitted-Cross-Domain-Policies: none
+Referrer-Policy: strict-origin-when-cross-origin
+Cache-Control: private, no-store
+Pragma: no-cache
+Content-Type: application/json; charset=utf-8
+Set-Cookie: _proof=4afe95c552eabd451589aa9246c59e46; path=/; HttpOnly
+X-Request-Id: 98c00a3a-818f-42da-a299-7eb65186774e
+Transfer-Encoding: chunked
+```
+
+
+Response Body:
+```json
+{
+  "error": "invalid_request"
+}
+```
+
+
doc/_posts/2018-10-28-oauth-tokens.markdown
@@ -80,3 +80,9 @@ The Tokens endpoint adheres to [RFC-6749](https://tools.ietf.org/html/rfc6749).
 [Section 4.4](https://tools.ietf.org/html/rfc6749#section-4.4)
 
 {% include oauth-tokens-client-credentials.html %}
+
+## Refreshing an Access Token
+
+[Section 6](https://tools.ietf.org/html/rfc6749#section-6)
+
+{% include oauth-tokens-refresh-token.html %}
spec/documentation.rb
@@ -68,4 +68,14 @@ RSpec.describe "documentation" do
       expect(response.code).to eql('200')
     end
   end
+
+  specify do
+    headers = { 'Authorization' => ActionController::HttpAuthentication::Basic.encode_credentials(client.to_param, client.password) }
+    refresh_token = create(:refresh_token, audience: client)
+    body = { grant_type: 'refresh_token', refresh_token: refresh_token.to_jwt }
+    VCR.use_cassette("oauth-tokens-refresh-token") do
+      response = hippie.post("#{scheme}://#{host}/oauth/tokens", body: body, headers: headers)
+      expect(response.code).to eql('200')
+    end
+  end
 end
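Review bot: The new example asserts only `expect(response.code).to eql('200')`, yet the include generated from this cassette (doc/_includes/oauth-tokens-refresh-token.html) documents a response body of `{"error": "invalid_request"}`, so the published refresh example appears to show a rejected exchange. Assert on the body as well, with something like `expect(JSON.parse(response.body)).to include('access_token')`, and re-record the cassette once the request succeeds. The refresh token in that recording decodes to an `iss` of `http://proof.test:5000/metadata`, while the tokens in the other examples use `http://proof.test/metadata`; that mismatch may be why it was rejected. The enclosing `RSpec.describe` block starts outside the hunk.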