I'm attempting to refresh an access token via https://api.box.com/oauth2/token endpoint (via Boxr gem for Ruby), with grant_type=refresh_token, and client and secret included. For one token, I'm getting an error that doesn't appear documented and is pretty vague:
It's HTTP status 403, with {"error":"access_denied","error_description":"Access denied"}. 403's listed on https://developer.box.com/docs/error-codes don't include this possibility. I'm stumped as to what the reason could be. Other connections using the same client id and secret, before and after this attempt, result in success (or "invalid_grant" errors). Any thoughts or documentation I might be missing?
Thanks in advance for any help.