I am using curl, but I figured this out on my own. Deel has apparently made a breaking change to their API recently causing previously successful calls to now fail.
Sanitized example command here:
curl 'https://app.deel.com/oauth2/tokens' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic [redacted]' \
--data 'grant_type=refresh_token&refresh_token=[redacted]'
{"errors":[{"message":"redirect_uri must be shorter than or equal to 256 characters"}]}
Again, this error message is being returned by Deel, not any client library, so the blame cast at client libraries feels misdirected.
The actual issue is that redirect_uri is now a required param to the call to /oauth2/tokens. Deel is returning a misleading error that says redirect_uri must be shorter than or equal to 256 characters, but what they really mean is “redirect_uri is (now) a required parameter”.
For any other people who come across this issue, you must now add a redirect_uri param to your request, even though it’s already specified on your application configuration and that value was previously used. Adding your redirect_url to the payload will successfully refresh the token.