I have spent the last couple of days fighting with OAuth 2.
This is based upon Cognito.
The basis of OAuth authentication is a multi-step dance. First you send the user off to log in, and they are redirected back to you with a code. You then send that code back, together with the shared secrets, and the token endpoint responds with a set of tokens.
These tokens do include the refresh token despite the docs saying that they don’t.
The next step is to fetch some user details. This has not been implemented yet, though the docs clearly state that it is there.
I have yet to find the renewal endpoint…
Update…
I have found out why Cognito does not implement the oauth/userinfo endpoint.
It’s because the token endpoint returns a JWT that includes the userinfo. I have yet to see if this is the most sane Bearer authentication token.
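As an added example, not code from the original post, here is the dance described above in Python using only the standard library: build the login URL with a state value, pull the code out of the callback and check the state, build the token request with the client credentials in HTTP Basic auth, and then read the user claims straight out of the id_token that comes back from the token endpoint. The pool domain, client id and secret, redirect URI and issuer are made-up placeholders, and the token response is a constructed sample so that the whole thing runs offline. A real id_token is RS256-signed by the pool and must be verified against the pool's JWKS before any claim in it is trusted; this code deliberately stops short of that and only does the claim checks that come after signature verification.

```python
import base64
import json
import secrets
import time
import urllib.parse
import urllib.request

# Placeholder configuration: a hypothetical pool and client, not real values.
COGNITO_DOMAIN = "https://example-pool.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/callback"
EXPECTED_ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"


def new_state():
    """Random per-login value; keep it in the session and check it on the callback."""
    return secrets.token_urlsafe(16)


def build_authorize_url(state):
    """Step 1: where to send the user. Cognito redirects back with ?code=...&state=..."""
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid email profile", "state": state}
    return COGNITO_DOMAIN + "/oauth2/authorize?" + urllib.parse.urlencode(params)


def parse_callback(callback_url, expected_state):
    """Pull the code out of the redirect; refuse it if state does not match the session."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this login attempt")
    if "code" not in query:
        raise ValueError("no code in callback")
    return query["code"][0]


def build_token_request(code):
    """Step 2: the code goes back to the token endpoint with the client id and secret
    in HTTP Basic auth. Returns the prepared request; the caller does urlopen()."""
    body = urllib.parse.urlencode({"grant_type": "authorization_code", "client_id": CLIENT_ID,
                                   "code": code, "redirect_uri": REDIRECT_URI}).encode()
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    return urllib.request.Request(
        COGNITO_DOMAIN + "/oauth2/token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Authorization": "Basic " + creds})


def parse_token_response(body):
    """Read the JSON the token endpoint returns: access, id and refresh tokens."""
    resp = json.loads(body)
    if resp.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type %r" % resp.get("token_type"))
    for key in ("access_token", "id_token", "refresh_token"):
        if key not in resp:
            raise ValueError("token response missing " + key)
    return resp


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token, now=None):
    """The user info lives in the id_token payload. These are the checks to make AFTER
    the RS256 signature has been verified against the pool's JWKS; this helper does not
    verify the signature, so never trust its output on its own."""
    header_b64, payload_b64, _signature_b64 = id_token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    claims = json.loads(_b64url_decode(payload_b64))
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token was issued to a different client")
    if claims.get("token_use") != "id":
        raise ValueError("not an id token (token_use=%r)" % claims.get("token_use"))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


# Constructed sample token response so the demo runs offline. The id_token is JWT-shaped
# with a dummy signature; a real one is signed by the pool.
def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_id_token(claims):
    header = {"alg": "RS256", "kid": "example-kid"}
    return ".".join([_b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
                     _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
                     _b64url_encode(b"dummy-signature")])


SAMPLE_CLAIMS = {"sub": "11111111-2222-3333-4444-555555555555", "iss": EXPECTED_ISSUER,
                 "aud": CLIENT_ID, "token_use": "id", "email": "alice@example.com",
                 "iat": 1700000000, "exp": 1700003600}
SAMPLE_TOKEN_RESPONSE = json.dumps({"access_token": "constructed-access-token",
                                    "id_token": make_sample_id_token(SAMPLE_CLAIMS),
                                    "refresh_token": "constructed-refresh-token",
                                    "token_type": "Bearer", "expires_in": 3600})

if __name__ == "__main__":
    state = new_state()
    print("send the user to:", build_authorize_url(state))
    code = parse_callback(REDIRECT_URI + "?code=abc123&state=" + state, state)
    req = build_token_request(code)
    print("POST", req.full_url, req.data.decode())
    tokens = parse_token_response(SAMPLE_TOKEN_RESPONSE)
    print("user from id_token:", id_token_claims(tokens["id_token"], now=1700000100)["email"])
```

In OIDC terms the id_token exists so the client can learn who just logged in, which is why the user info is in it, while the access_token is the one presented as a Bearer token to resource servers; Cognito marks each with a token_use claim, which is what the check above uses to tell them apart.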