SSO Refresh Tokens

I have been developing an application in my spare time, more info on that once it’s ready for an alpha test, previously the refresh tokens for users were working correctly up until recently. I have a sneaky suspicion it is relating to the changes that were described in their recent blog post

I was under the impression I had set this up correctly using the newer SSO v2 links and verifying the JWT and extracting the auth & refresh tokens. However, just the refresh token has suddenly stopped working, I can still make authenticated calls to the ESI.

Reading the documentation mentioned in that blog I can see I have the correct format of the refresh token.

Token example: +DPjdl6sEUyTM6BV9kNAoA== (characters have been altered to invalidate)

I have tried running this in a web app and I have tried using the same details and doing the request through Postman and both times I receive an error 400: invalid grant response.

1. error: "invalid_grant"
2. error_description: "Invalid refresh token. Unable to migrate grant."

The refresh token is brand new from an authed character, I have tried different characters just in case, and every time I am met with the same response.

Anyway here is the simple JS fetch that I have been using, and these same details went into Postman so if anyone could point me in the right direction as to where I am going wrong I would much appreciate it.

fetch("https://login.eveonline.com/v2/oauth/token",
                {
                    method: "POST",
                    headers: {
                        "Authorization": `Basic ${encodedCredentials}`,
                        "Content-Type": "application/x-www-form-urlencoded",
                        "Host": "login.eveonline.com",
                    },
                    body: `grant_type=refresh_token&refresh_token=${rToken}`,
                }
            )

It’s possible the refresh token can/will change when it’s used. So you may need to handle capturing the newly returned token?