So what I did is I created a "Regular Web Application" on my Auth0 account, along with an API of "Custom API" type to go with my Application.
I used Auth0’s guide to get their login/register/logout function going on my website.
It stores in session the following data:
_token, auth0_user, auth0_refresh_token
How can I get a refresh token for my API calls and my Application?
What I tried doing was to follow the guide Auth0 provides but that only got me confused. "Rotation" is enabled on my Settings panel.
It says to use my "Regular Web Application" data to make a cURL call to their services, but when I do I get "Access_Denied, Unauthenticated" as a response when I use a route I made which accepts the "auth0_refresh_token" as a URL parameter and makes a call to their servers like the one their guide suggests.
My route is the following:
To exchange my refresh token I used the following HTTP request:
$response = Http::withHeaders([
    'content-type' => 'application/x-www-form-urlencoded',
])->post(env('AUTH0_APP_URL'), [
    "grant_type" => 'refresh_token',
    "client_id" => env('AUTH0_CLIENT_ID'),
    "client_secret" => env('AUTH0_CLIENT_SECRET'),
    "refresh_token" => $token
]);
I understand that JWT is used as a middleware to protect all my API and WEB routes but how do I exchange my token for a new one using refresh tokens?
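
The refresh-token exchange asked about above, as an added Laravel example that is not part of the original post or Auth0's own code. It assumes the tenant's token endpoint at https://<tenant domain>/oauth/token, hypothetical services.auth0.* config keys and hypothetical auth0_access_token / auth0_access_expires_at session keys; it reads the refresh token from the server-side session rather than a URL parameter, so the token stays out of access logs and browser history.

```php
<?php
// Added example. Assumed names: the services.auth0.* config keys and the
// auth0_access_token / auth0_access_expires_at session keys.

namespace App\Services;

use Illuminate\Support\Facades\Http;
use RuntimeException;

class Auth0TokenRefresher
{
    /** Exchange the session's refresh token and return a fresh access token. */
    public function refresh(): string
    {
        $refreshToken = session('auth0_refresh_token');
        if (empty($refreshToken)) {
            throw new RuntimeException('No refresh token in session; user must log in again.');
        }

        // asForm() sends the fields as application/x-www-form-urlencoded.
        $response = Http::asForm()
            ->timeout(10)
            ->post('https://' . config('services.auth0.domain') . '/oauth/token', [
                'grant_type'    => 'refresh_token',
                'client_id'     => config('services.auth0.client_id'),
                'client_secret' => config('services.auth0.client_secret'),
                'refresh_token' => $refreshToken,
            ]);

        if ($response->failed()) {
            // A 4xx means the stored token was rejected: drop it and force a new login.
            if ($response->clientError()) {
                session()->forget(['auth0_refresh_token', 'auth0_access_token']);
            }
            throw new RuntimeException('Token refresh failed: HTTP ' . $response->status());
        }

        $tokens = $response->json();

        // With rotation enabled each exchange returns a new refresh token and
        // the one just sent stops working, so overwrite the stored copy.
        session([
            'auth0_access_token'      => $tokens['access_token'],
            'auth0_refresh_token'     => $tokens['refresh_token'] ?? $refreshToken,
            'auth0_access_expires_at' => now()->addSeconds($tokens['expires_in'])->timestamp,
        ]);

        return $tokens['access_token'];
    }
}
```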