I was having same issue. So I looked at this URL: https://developer.okta.com/docs/api/resources/oidc.html?_ga=1.125946373.968248876.1503010147#token-request
Some questions: (1) So it states that we do not need to setup our Authorization server. So does that mean for my org, I do not need to setup an Authorization server in OKTA and I can use /oauth2/v1/token endpoint for getting refresh token ?
(2) Is there a example to retrive the refresh token in PHP? All I have is client, client crdential, id_token, access_token and authorization_code. Now how will I use this info to fetch the refresh token ?