lelylan · jonathansamines · Dec 17, 2021 · Dec 2, 2021 · Dec 14, 2021
diff --git a/API.md b/API.md
@@ -15,6 +15,7 @@ Simple OAuth2 grant classes accept an object with the following params.
 * `auth` - required object with the following properties:
   * `tokenHost` - Base URL used to obtain access tokens. Required
   * `tokenPath` - URL path to obtain access tokens (See [url resolution notes](#url-resolution)). Defaults to **/oauth/token**
+  * `refreshPath` - URL path to refresh access tokens (See [url resolution notes](#url-resolution)). Defaults to `auth.tokenPath`
   * `revokePath` - URL path to revoke access tokens (See [url resolution notes](#url-resolution)). Defaults to **/oauth/revoke**
   * `authorizeHost` - Base URL used to request an *authorization code*. Defaults to `auth.tokenHost` value
   * `authorizePath` - URL path to request an *authorization code* (See [url resolution notes](#url-resolution)). Defaults to **/oauth/authorize**

diff --git a/lib/access-token.js b/lib/access-token.js
@@ -46,7 +46,7 @@ module.exports = class AccessToken {
     };
 
     const parameters = GrantTypeParams.forGrantType(REFRESH_TOKEN_PROPERTY_NAME, this.#config.options, refreshParams);
-    const response = await this.#client.request(this.#config.auth.tokenPath, parameters.toObject(), httpOptions);
+    const response = await this.#client.request(this.#config.auth.refreshPath, parameters.toObject(), httpOptions);
 
     return new AccessToken(this.#config, this.#client, response);
   }

diff --git a/lib/config.js b/lib/config.js
@@ -16,6 +16,7 @@ const clientSchema = Joi.object().keys({
 const authSchema = Joi.object().keys({
   tokenHost: Joi.string().required().uri({ scheme: ['http', 'https'] }),
   tokenPath: Joi.string().default('/oauth/token'),
+  refreshPath: Joi.string().default(Joi.ref('tokenPath')),
   revokePath: Joi.string().default('/oauth/revoke'),
   authorizeHost: Joi.string().uri({ scheme: ['http', 'https'] }).default(Joi.ref('tokenHost')),
   authorizePath: Joi.string().default('/oauth/authorize'),

diff --git a/test/access-token.js b/test/access-token.js
@@ -355,6 +355,34 @@ test.serial('@refresh => creates a new access token with a custom token path', a
   t.true(has(refreshAccessToken.token, 'access_token'));
 });
 
+test.serial('@refresh => creates a new access token with a custom refresh path', async (t) => {
+  const config = createModuleConfig({
+    auth: {
+      refreshPath: '/the-custom/refresh-path',
+    },
+  });
+
+  const accessTokenResponse = chance.accessToken({
+    expireMode: 'expires_in',
+  });
+
+  const client = new Client(config);
+
+  const refreshParams = {
+    grant_type: 'refresh_token',
+    refresh_token: accessTokenResponse.refresh_token,
+  };
+
+  const server = createAuthorizationServer('https://authorization-server.org:443');
+  const scope = server.tokenSuccessWithCustomPath('/the-custom/refresh-path', scopeOptions, refreshParams);
+
+  const accessToken = new AccessToken(config, client, accessTokenResponse);
+  const refreshAccessToken = await accessToken.refresh();
+
+  scope.done();
+  t.true(has(refreshAccessToken.token, 'access_token'));
+});
+
 test.serial('@refresh => creates a new access token with custom (inline) http options', async (t) => {
   const config = createModuleConfig();