...
Refresh token must be valid and not revoked
User must be active and not black-listed
For a confidant person, the relationship must be validated on each refresh
Specification
https://uaehealthapi.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/oauth/use-refresh-token-for-access-token-extensionApiary
Validations
Authorization
Verify the validity of the refresh token
in case of error - return 401 (“Invalid access token”)
Verify that token is not expired
in case of error - return 401 (“Token expired.”)
...
Generate new access_token according to the logic described in RC Exchange oAuth Code Grant to Access Token
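The checks listed above, in order, as an added example; it is not code from the specification or the project. The record shapes, the `relationship_ok` callback, the sample data, and the responses for the user and relationship checks are assumptions, since the page states responses only for the validity and expiry checks.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class RefreshToken:                      # hypothetical record shape
    user_id: str
    expires_at: datetime
    revoked: bool = False
    confidant_of: Optional[str] = None   # person the user acts for, if any

@dataclass
class User:                              # hypothetical record shape
    active: bool = True
    blacklisted: bool = False

def check_refresh(raw, tokens, users, relationship_ok, now):
    """Return None if the refresh may proceed, else (status, message)."""
    token = tokens.get(raw)
    # Validity check from the page. Treating a revoked token like an unknown
    # one is an assumption of this example.
    if token is None or token.revoked:
        return 401, "Invalid access token"
    if token.expires_at <= now:
        return 401, "Token expired."
    user = users.get(token.user_id)
    # The page does not give responses for the next two checks; the status
    # and messages here are assumptions.
    if user is None or not user.active or user.blacklisted:
        return 401, "User is not allowed to refresh"
    # Ask the relationship source on every refresh instead of trusting the
    # state recorded when the token was issued.
    if token.confidant_of and not relationship_ok(token.user_id, token.confidant_of):
        return 401, "Confidant relationship is not valid"
    return None

# Constructed sample data.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
DAY = timedelta(days=1)
USERS = {"u1": User(), "u2": User(blacklisted=True)}
TOKENS = {
    "rt-ok": RefreshToken("u1", NOW + DAY),
    "rt-old": RefreshToken("u1", NOW - DAY),
    "rt-revoked": RefreshToken("u1", NOW + DAY, revoked=True),
    "rt-blocked": RefreshToken("u2", NOW + DAY),
    "rt-confidant": RefreshToken("u1", NOW + DAY, confidant_of="p9"),
}
```

Only when `check_refresh` returns `None` should the service go on to generate the new access_token.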