When a client’s access token has expired, it can call this endpoint to obtain a new token pair without requiring the user to log in again. The server validates the provided refresh token (checking its signature, expiry, type, and revocation status), then revokes all existing tokens for that user and issues a fresh access token and refresh token. This rotation strategy ensures that a stolen refresh token can only be used once.
Endpoint
Authorization header. Do not pass an access token here.
Request Headers
Authorization header: must be in the format Bearer <refreshToken>, where <refreshToken> is the refresh_token value received from a previous /auth/login or /auth/refresh response. Passing an access token instead of a refresh token will result in a 500 error.
Response
A 200 OK response with a JSON body containing a brand-new token pair.
Access token: a newly issued JWT access token. Replace the expired token in your client with this value. Default TTL: 1 hour (configurable via JWT_EXPIRATION).
Refresh token: a newly issued JWT refresh token. The old refresh token is revoked as part of this call; store this new value for future refresh requests. Default TTL: 7 days (configurable via JWT_REFRESH_EXPIRATION).
Response Example
Error Responses
| Status | Condition |
|---|---|
| 401 Unauthorized | The token's signature is invalid or the JWT is structurally malformed. The response body will contain "Token inválido". |
| 401 Unauthorized | The token has expired (ExpiredJwtException). The response body will contain "La sesión ha expirado". |
| 404 Not Found | The username embedded in the refresh token does not match any user in the database. |
| 500 Internal Server Error | The Authorization header is missing or does not start with "Bearer " (including the trailing space), the token is not of type REFRESH, or the token has been revoked or marked expired in the database. These conditions throw IllegalArgumentException, which is not mapped by the global exception handler. |
Error Response Body
curl Example
Only tokens with an internal type claim of REFRESH are accepted by this endpoint. If you pass an access token in the Authorization header, the server will reject the request with 500 Internal Server Error because the token type check throws an unhandled IllegalArgumentException. Always store and use the refresh_token field from the login/register response for this call.
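The validation chain and revoke-all rotation described on this page, modelled in Python as an added example (this is not the project's Spring code): a stand-in HS256 signer, the documented status mapping (401 for a malformed, badly signed or expired token, 404 for an unknown user, 500 for the header, type and revocation failures that surface as an unhandled IllegalArgumentException), and a refresh that revokes every outstanding token before reissuing. The signing secret, the username, the claim names sub/type/exp and the access_token key name are assumptions; the page itself names only refresh_token.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"            # placeholder: the real signing key is not on this page
ACCESS_TTL, REFRESH_TTL = 3600, 7 * 24 * 3600  # documented defaults: 1 hour and 7 days

class ApiError(Exception):  # HTTP status and body the endpoint answers with (see the Error Responses table)
    def __init__(self, status, body):
        super().__init__(status, body)
        self.status, self.body = status, body

def _b64(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text): return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims):  # minimal HS256 JWT encoder standing in for the project's JWT library
    head, body = _b64(b'{"alg":"HS256","typ":"JWT"}'), _b64(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify(token, now):
    """Malformed or badly signed -> 401 'Token inválido'; expired -> 401 'La sesión ha expirado'."""
    try:
        head, body, sig = token.split(".")
        mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, _unb64(sig)): raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except Exception:
        raise ApiError(401, "Token inválido") from None
    if claims.get("exp", 0) <= now: raise ApiError(401, "La sesión ha expirado")
    return claims

class AuthServer:
    def __init__(self, users):
        self.users, self.live = set(users), {}  # live: username -> tokens not yet revoked

    def issue_pair(self, user, now):  # what /auth/login and /auth/refresh hand back
        pair = {k.lower() + "_token": sign({"sub": user, "type": k, "exp": now + ttl})
                for k, ttl in (("ACCESS", ACCESS_TTL), ("REFRESH", REFRESH_TTL))}
        self.live.setdefault(user, set()).update(pair.values())
        return pair

    def refresh(self, authorization, now):
        # Header, type and revocation failures are the unhandled IllegalArgumentException -> 500 cases
        if not (authorization or "").startswith("Bearer "): raise ApiError(500, "Internal Server Error")
        token = authorization[len("Bearer "):]
        claims = verify(token, now)
        if claims.get("type") != "REFRESH": raise ApiError(500, "Internal Server Error")
        if claims.get("sub") not in self.users: raise ApiError(404, "Not Found")
        if token not in self.live.get(claims["sub"], ()): raise ApiError(500, "Internal Server Error")
        self.live[claims["sub"]].clear()  # rotation: revoke every outstanding token for this user
        return self.issue_pair(claims["sub"], now)
```

Calling refresh twice with the same refresh token shows the single-use property: the first call returns a new pair, the second is rejected because the old token is no longer live.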