Sebastian Kucharzyk

Reputation: 85

Get new refresh token in oauth2.0 authorization code grant flow

I set up an authorization code grant flow for Google using Amazon Cognito. I'm able to get an authorization code by calling the /login endpoint and exchange it for access_token, refresh_token and id_token using the /token endpoint, so I assume that it's set up more or less properly.

Unfortunately, when I try to exchange a refresh_token for new tokens using the /token endpoint as well, I receive only access_token and id_token without a new refresh_token. I've been trying to understand why it happens, but Amazon's documentation only briefly mentions that refresh_token is returned only for authorization code. What's more interesting, the Auth0 documentation says that the /token endpoint should behave in a very different way - it shouldn't return new tokens directly but a new authorization code instead.

And now I'm pretty confused about what happens there. Is it Amazon who changed the flow of authorizing a user using authorization code? Or, more likely, I don't understand it and did something wrong?

Upvotes: 0

Views: 328

Answers (1)

Mahdi Ridho

Reputation: 274

The refresh_token is generated once, at code authorization time; we can reuse it to generate a new access_token and id_token. In my approach, I call the initiateAuth method to generate a new access_token and id_token:

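  // Exchange the stored refresh token for a new access_token and id_token.
  // this.cognitoIdp is assumed to be an AWS.CognitoIdentityServiceProvider
  // client (AWS SDK for JavaScript v2); this.clientId is the app client ID.
  refreshToken() {
    const params = {
      AuthFlow: "REFRESH_TOKEN_AUTH",
      ClientId: this.clientId,
      AuthParameters: {
        // Placeholder: substitute the refresh_token string obtained at code exchange.
        "REFRESH_TOKEN": [refresh_token_property],
        "DEVICE_KEY": null
      }
    };
    return this.cognitoIdp.initiateAuth(params).promise().then(data => {
      // AuthenticationResult holds the new tokens; this line writes them to the log.
      console.log(data.AuthenticationResult);
    }).catch(e => {
      console.log(e);
    });
  }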

Upvotes: 1
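
An added example, not from either poster or from AWS: handling the refresh exchange the question describes at the token endpoint, keeping the stored refresh_token when the response contains only access_token and id_token, as RFC 6749 section 6 permits. The function names and the shape of the stored-token object are assumptions of this example.

```javascript
// Added example. Endpoint URL, client ID and token values passed to these
// functions are the caller's; none come from the original post.

// Build the form-encoded refresh request for the token endpoint.
function buildRefreshRequest(tokenEndpoint, clientId, refreshToken) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    client_id: clientId,
    refresh_token: refreshToken,
  });
  return {
    url: tokenEndpoint,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    },
  };
}

// Merge a refresh response into the stored token set.
// RFC 6749 section 6 lets the server omit refresh_token from this response;
// in that case the client keeps using the one it already holds.
function mergeTokenResponse(stored, response, nowMs = Date.now()) {
  if (!response.access_token) {
    throw new Error("refresh response has no access_token");
  }
  return {
    accessToken: response.access_token,
    idToken: response.id_token ?? stored.idToken,
    // Replace only when the server issued a new refresh token.
    refreshToken: response.refresh_token ?? stored.refreshToken,
    expiresAt: nowMs + Number(response.expires_in) * 1000,
  };
}

// Perform the refresh (needs a runtime with fetch, e.g. Node 18+).
async function refreshTokens(tokenEndpoint, clientId, stored) {
  const { url, options } = buildRefreshRequest(tokenEndpoint, clientId, stored.refreshToken);
  const res = await fetch(url, options);
  const json = await res.json();
  if (!res.ok) {
    // OAuth error body such as {"error":"invalid_grant"}: the refresh token
    // is no longer usable, so the user has to sign in again.
    throw new Error(`token refresh failed: ${json.error}`);
  }
  return mergeTokenResponse(stored, json);
}
```
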
