diff --git a/descope/auth.py b/descope/auth.py
index 9d665cb93..518722627 100644
--- a/descope/auth.py
+++ b/descope/auth.py
@@ -272,7 +272,7 @@ def _fetch_public_keys(self) -> None:
                 # just continue to the next key
                 pass
 
-    def _generate_auth_info(self, response_body: dict, refresh_cookie: str) -> dict:
+    def _generate_auth_info(self, response_body: dict, refresh_token: str) -> dict:
         jwt_response = {}
         st_jwt = response_body.get("sessionJwt", "")
         if st_jwt:
@@ -285,9 +285,9 @@ def _generate_auth_info(self, response_body: dict, refresh_cookie: str) -> dict:
                 rt_jwt, None
             )
 
-        if refresh_cookie:
+        if refresh_token:
             jwt_response[REFRESH_SESSION_TOKEN_NAME] = self._validate_and_load_tokens(
-                refresh_cookie, None
+                refresh_token, None
             )
 
         jwt_response[COOKIE_DATA_NAME] = {
@@ -327,12 +327,12 @@ def _get_default_headers(self, pswd: str = None):
         headers["Authorization"] = f"Basic {base64.b64encode(bytes).decode('ascii')}"
         return headers
 
-    def _refresh_token(self, refresh_token: str) -> dict:
+    def refresh_token(self, refresh_token: str) -> dict:
         uri = Auth._compose_refresh_token_url()
         response = self.do_get(uri, None, None, refresh_token)
 
         resp = response.json()
-        auth_info = self._generate_auth_info(resp, None)
+        auth_info = self._generate_auth_info(resp, refresh_token)
         return auth_info
 
     def _validate_and_load_tokens(self, session_token: str, refresh_token: str) -> dict:
@@ -409,7 +409,7 @@ def _validate_and_load_tokens(self, session_token: str, refresh_token: str) -> d
                 )
 
             # Refresh token is valid now refresh the session token
-            return self._refresh_token(refresh_token)  # return jwt_response dict
+            return self.refresh_token(refresh_token)  # return jwt_response dict
 
         except Exception as e:
             raise AuthException(500, ERROR_TYPE_INVALID_TOKEN, f"Invalid token: {e}")
diff --git a/samples/otp_sample_app.py b/samples/otp_sample_app.py
index 1ea21f360..b9345e705 100644
--- a/samples/otp_sample_app.py
+++ b/samples/otp_sample_app.py
@@ -46,7 +46,7 @@ def main():
 
         try:
             logging.info("refreshing the session token..")
-            claims = descope_client._auth._refresh_token(refresh_token)
+            claims = descope_client._auth.refresh_token(refresh_token)
             logging.info(
                 "going to revalidate the session with the newly refreshed token.."
             )
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 32e5b9ad4..8c984d3a0 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -204,7 +204,7 @@ def test_refresh_token(self):
             mock_request.return_value.ok = False
             self.assertRaises(
                 AuthException,
-                auth._refresh_token,
+                auth.refresh_token,
                 dummy_refresh_token,
             )