post:
  tags: [Accounts, Auth]
  summary: Rotate refresh token and issue new access/refresh tokens
  description: |
    Validates refresh token + session identifiers and returns a new token pair.
    Use this endpoint when replacing both access and refresh tokens.
  operationId: accountsRotateRefreshToken
  requestBody:
    $ref: ./bodies/auth.yaml#/components/requestBodies/RefreshTokenBody
  responses:
    '200':
      description: New token pair issued
      content:
        application/json:
          schema:
            allOf:
              - $ref: ../response/response.yaml#/components/schemas/BaseResponse
              - type: object
                properties:
                  data:
                    $ref: ./response/auth.yaml#/components/schemas/LoginData
    '400':
      $ref: ../response/operation.yaml#/components/responses/BadRequest
    '401':
      $ref: ../response/operation.yaml#/components/responses/Unauthorized
    '403':
      $ref: ../response/operation.yaml#/components/responses/Forbidden
    '404':
      $ref: ../response/operation.yaml#/components/responses/NotFound
    '500':
      $ref: ../response/operation.yaml#/components/responses/InternalServerError