I first get a refresh token, then try to use this refresh token to retrieve another access token and id token, but get 403 forbidden. I have searched around but not find an answer to that.
Here is the screenshot of my postman.
The username and password is the client id and client secrect
The refresh token grant type is checked in the application settings.
I have tried the exactly same post body format with Azure AD and I was able to get the access token and id token using Azure refresh token (see the screenshot below), so I am wondering whether I need configure something else in the Okta IDP to make it work? or it is a defect in Okta?
No issue with Azure AD using refresh token in the same post body format.