Problem getting the refresh-token in new API 6.0

I am naive in understanding, API, and authentication. I pretty much followed the techniques described in here to register the app
curl -X POST -k -H ‘Content-Type: application/json’ -i https://health.dpanalytics.com/oauth2/default/registration --data '{

“application_type”: “private”,

“redirect_uris”:

[“https://health.dpanalytics.com/callback”],

“post_logout_redirect_uris”:

[“https://health.dpanalytics.com/logout/callback”],

“client_name”: “Dag Health”,

“token_endpoint_auth_method”: “client_secret_post”,

“contacts”: [“support@dpanalytics.com”, “them@example.org”],

“scope”: "openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read "
}’

and got response

HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Date: Fri, 10 Sep 2021 19:21:31 GMT
Server: Apache
Set-Cookie: authserverOpenEMR=IYSwS4ctkybeZ-Qs%2C634iaoGXrqlC5ZJPxhnL6Dptry82n5n; expires=Sat, 11-Sep-2021 03:08:11 GMT; Max-Age=28000; path=/oauth2/; secure; HttpOnly; SameSite=None
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, authorization, accept, content-type, x-requested-with
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Access-Control-Allow-Origin: *
Set-Cookie: authserverOpenEMR=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/oauth2/; secure; HttpOnly; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-XSS-Protection: 1; mode=block
Content-Length: 2313
Content-Type: text/html; charset=utf-8

{“client_id”:“XbYuiVlWOt968mNMoweQf0PBznqAjUN2B7V1tEzq5Qk”,“client_secret”:“jZbe-XD4t0qUY76v2tzdJsaSYZ1-MbnCoWoyd7BswH43D17Zeda7kC0SjpbYgD0P3Thq-r2XLpSQysJlKlU53g”,“registration_access_token”:“RvavG8GjEcfp78nQEpnuTVKXbI4Np1xWYRQkOTC2DZI”,“registration_client_uri”:“https://health.dpanalytics.com//oauth2/default/client/YlVSmZlJMAe0UnJH--fO8g",“client_id_issued_at”:1631301691,“client_secret_expires_at”:0,“client_role”:“user”,“contacts”:[“support@dpanalytics.com”,“them@example.org”],“application_type”:“private”,“client_name”:"Dag Health”,“redirect_uris”:["https://health.dpanalytics.com/callback"],“post_logout_redirect_uris”:[“https://health.dpanalytics.com/logout/callback”],“token_endpoint_auth_method”:“client_secret_post”,“scope”:"openid offline_access api:oemr api:fhir api:port…

It seems to be Okey,
I am stuck in getting the refresh token and access_token. I got bad request.

curl -X POST -k -H ‘Content-Type: applicatiwww-form-urlencoded’-i ‘https://health.dpanalytics.com/oauth2/default/token’ --data 'grant_type=refresh_token&client_id=XbYuiVlWOt968mNMoweQf0PBznqAjUN2B7V1tEzq5Qk&refresh_token=def5020089a766d16…'
{“error”:“invalid_request”,“error_description”:“Bad request”,“message”:“Bad request”}

Confusion in the documents is the refresh_token used in the request. It is pretty much similar to the issue raised by @benmarte . Highly appreciated any help. Thank you !.

This is the incorrect content-type for one, 2) you need to either use the password grant or authorization_code grant. Refresh grant is only for getting a NEW refresh token, not the initial refresh token. The initial refresh token is returned alongside your access token when you request the offline_access scope. Also bear in mind if you request a new refresh token it invalidates your old refresh token which is used as part of the request.

Thank you @adunsulag. Password grant is working.