I dont want to expose refresh token to consumer application. so when consumer app wants to generate new access token using refresh token, it will pass only access token to gateway api, this api will take the access token as input and fetch the refresh token from gw db. Once refresh token is fetched, based on this refresh token, api will generate new access and refresh token and send only access token to consumer app.
can you share the sample policy which will fetch refresh token based on access token as input ?
------------------------------
Technology Lead
Infosys Limited
------------------------------