refresh

Rotates access and refresh tokens. Implementation Details: - Validates the DPoP proof and the provided refresh cookie. - Performs refresh token rotation (RTR) to prevent reuse of old tokens. - Issues new tokens bound to the same public key thumbprint. - Revokes the refresh token family on detection of suspicious activity. Headers: - DPoP (required): A signed proof for this request. Cookie: - __Host-rt: Secure HttpOnly refresh token.