Yeah, I had to mess with this awhile to figure it out. Just don't pass the client secret, but instead populate your body with the following KVPs: refresh_token (the one you got from your initial token call after your device authentication), grant_type (refresh token), and client_id, and it'll work.
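The refresh request described in the reply above, as an added example that is not part of the original post: it builds the form-encoded body for a public (device-flow) client without a client secret, using the RFC 6749 literal `refresh_token` as the grant_type value, and handles the response, including refresh token rotation and an `invalid_grant` rejection. The function names, client ID and token values are constructed for illustration, and the token endpoint itself is left out because the page does not name one.

```python
import json
from urllib.parse import urlencode

def build_refresh_body(client_id, refresh_token, scope=None):
    """Form-encode the refresh request for a public (device-flow) client."""
    if not client_id or not refresh_token:
        raise ValueError("client_id and refresh_token are required")
    params = {
        "grant_type": "refresh_token",   # literal value from RFC 6749 section 6
        "refresh_token": refresh_token,  # from the initial device-flow token call
        "client_id": client_id,          # identifies the client; no client_secret sent
    }
    if scope:
        params["scope"] = scope          # optional; cannot exceed the original grant
    return urlencode(params)

def apply_token_response(stored, status, raw_body):
    """Return the updated token store, or raise if the grant is no longer valid."""
    data = json.loads(raw_body)
    if status != 200:
        # invalid_grant: the refresh token is expired, revoked or already rotated
        if data.get("error") == "invalid_grant":
            raise PermissionError("refresh token rejected; repeat device authentication")
        raise RuntimeError(f"token endpoint error: {data.get('error', 'unknown')}")
    updated = dict(stored)
    updated["access_token"] = data["access_token"]
    # The server may rotate the refresh token; keep the old one only if none is returned.
    updated["refresh_token"] = data.get("refresh_token", stored["refresh_token"])
    return updated

# Constructed sample values (not from the page)
SAMPLE_CLIENT_ID = "example-client-id"
SAMPLE_STORE = {"access_token": "old-access", "refresh_token": "old-refresh"}
SAMPLE_OK = json.dumps({"access_token": "new-access", "refresh_token": "new-refresh",
                        "token_type": "Bearer", "expires_in": 3600})

if __name__ == "__main__":
    # Send this body as application/x-www-form-urlencoded to your provider's token endpoint.
    print("POST body:", build_refresh_body(SAMPLE_CLIENT_ID, SAMPLE_STORE["refresh_token"]))
    print("Updated store:", apply_token_response(SAMPLE_STORE, 200, SAMPLE_OK))
```

Persist the returned store before using the new access token, so a rotated refresh token is not lost if the process exits.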