Refresh Tokens not listed in accepted grant_type's

[nghamilton]

Given that refresh tokens must be supported, and the /token endpoint must accept them, should refresh_token also be included in the permitted options for the grant_type claim, as specified in Client Authentication? https://consumerdatastandardsaustralia.github.io/infosec/#client-authentication currently says it must be "authorisation_code or client_credentials".

[lukepopp]

Yep, good pickup thanks. Will add.

[JamesMBligh]

@nghamilton has this been addressed or is it still outstanding?