docs: update refresh token rotation description and examples

docs: update refresh token examples for Swagger
docs: document refresh token rotation and update examples
2026-01-08 06:29:12 +01:00 · 2026-01-08 06:28:59 +01:00 · 2026-01-08 06:28:48 +01:00
5 changed files with 17 additions and 18 deletions
--- a/docs/docs.go
+++ b/docs/docs.go
@@ -487,7 +487,7 @@ const docTemplate = `{
        },
        "/api/auth/refresh": {
            "post": {
-                "description": "Use a refresh token to get a new access token. This endpoint allows clients to obtain a new access token using a valid refresh token without requiring user credentials.",
+                "description": "Use a refresh token to get a new access token. The refresh token is rotated on success, and the previous refresh token becomes invalid.",
                "consumes": [
                    "application/json"
                ],
@@ -1906,7 +1906,7 @@ const docTemplate = `{
            "properties": {
                "refresh_token": {
                    "type": "string",
-                    "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
+                    "example": "f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7"
                }
            }
        },
@@ -1971,7 +1971,7 @@ const docTemplate = `{
            "properties": {
                "refresh_token": {
                    "type": "string",
-                    "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
+                    "example": "f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7"
                }
            }
        },
@@ -2073,7 +2073,7 @@ const docTemplate = `{
                },
                "refresh_token": {
                    "type": "string",
-                    "example": "f94d4ddc7d9b4fcb9d3a2c44c400b780"
+                    "example": "f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7"
                },
                "user": {
                    "$ref": "#/definitions/handlers.AuthUserSummary"
--- a/docs/swagger.json
+++ b/docs/swagger.json
@@ -484,7 +484,7 @@
        },
        "/api/auth/refresh": {
            "post": {
-                "description": "Use a refresh token to get a new access token. This endpoint allows clients to obtain a new access token using a valid refresh token without requiring user credentials.",
+                "description": "Use a refresh token to get a new access token. The refresh token is rotated on success, and the previous refresh token becomes invalid.",
                "consumes": [
                    "application/json"
                ],
@@ -1903,7 +1903,7 @@
            "properties": {
                "refresh_token": {
                    "type": "string",
-                    "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
+                    "example": "f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7"
                }
            }
        },
@@ -1968,7 +1968,7 @@
            "properties": {
                "refresh_token": {
                    "type": "string",
-                    "example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
+                    "example": "f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7"
                }
            }
        },
@@ -2070,7 +2070,7 @@
                },
                "refresh_token": {
                    "type": "string",
-                    "example": "f94d4ddc7d9b4fcb9d3a2c44c400b780"
+                    "example": "f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7"
                },
                "user": {
                    "$ref": "#/definitions/handlers.AuthUserSummary"
--- a/docs/swagger.yaml
+++ b/docs/swagger.yaml
@@ -59,7 +59,7 @@ definitions:
  dto.RefreshTokenRequest:
    properties:
      refresh_token:
-        example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
+        example: f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7
        type: string
    required:
    - refresh_token
@@ -105,7 +105,7 @@ definitions:
  dto.RevokeTokenRequest:
    properties:
      refresh_token:
-        example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
+        example: f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7
        type: string
    required:
    - refresh_token
@@ -177,7 +177,7 @@ definitions:
        example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
        type: string
      refresh_token:
-        example: f94d4ddc7d9b4fcb9d3a2c44c400b780
+        example: f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7
        type: string
      user:
        $ref: '#/definitions/handlers.AuthUserSummary'
@@ -565,9 +565,8 @@ paths:
    post:
      consumes:
      - application/json
-      description: Use a refresh token to get a new access token. This endpoint allows
-        clients to obtain a new access token using a valid refresh token without requiring
-        user credentials.
+      description: Use a refresh token to get a new access token. The refresh token
+        is rotated on success, and the previous refresh token becomes invalid.
      parameters:
      - description: Refresh token data
        in: body
--- a/internal/dto/auth_request.go
+++ b/internal/dto/auth_request.go
@@ -43,9 +43,9 @@ type ConfirmAccountDeletionRequest struct {
 }

 type RefreshTokenRequest struct {
-	RefreshToken string `json:"refresh_token" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." validate:"required"`
+	RefreshToken string `json:"refresh_token" example:"f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7" validate:"required"`
 }

 type RevokeTokenRequest struct {
-	RefreshToken string `json:"refresh_token" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." validate:"required"`
+	RefreshToken string `json:"refresh_token" example:"f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7" validate:"required"`
 }
--- a/internal/handlers/auth_handler.go
+++ b/internal/handlers/auth_handler.go
@@ -52,7 +52,7 @@ type AuthTokensResponse struct {

 type AuthTokensDetail struct {
 	AccessToken  string          `json:"access_token" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."`
-	RefreshToken string          `json:"refresh_token" example:"f94d4ddc7d9b4fcb9d3a2c44c400b780"`
+	RefreshToken string          `json:"refresh_token" example:"f94d4ddc7d9b4fcb9d3a2c44c400b780c3e1f1a5c2b7d4e6a0b1c2d3e4f5a6b7"`
 	User         AuthUserSummary `json:"user"`
 }

@@ -593,7 +593,7 @@ func (h *AuthHandler) Logout(w http.ResponseWriter, r *http.Request) {
 }

 // @Summary Refresh access token
-// @Description Use a refresh token to get a new access token. This endpoint allows clients to obtain a new access token using a valid refresh token without requiring user credentials.
+// @Description Use a refresh token to get a new access token. The refresh token is rotated on success, and the previous refresh token becomes invalid.
 // @Tags auth
 // @Accept json
 // @Produce json
Author	SHA1	Message	Date
Kharec	dfee90504a	docs: update refresh token rotation description and examples	2026-01-08 06:29:12 +01:00
Kharec	bc0c9e5fea	docs: update refresh token examples for Swagger	2026-01-08 06:28:59 +01:00
Kharec	35ef42eb93	docs: document refresh token rotation and update examples	2026-01-08 06:28:48 +01:00