Update token renewal documentation

Author: ujibang

docs/security/authentication.adoc

@@ -107,7 +107,7 @@ NOTE: RGT cookies can only be verified by the RESTHeart instance that issued the
 
 This component is responsible for initiating a user's authenticated session by setting the authentication cookie.
 
-Activates when a URL includes the query parameter `?set-auth-cookie` and a user is authenticated, setting a cookie populated with a token generated by the enabled Token Manager.
+Activates when the `/token/cookie` endpoint is called with valid credentials, setting a cookie populated with a token generated by the enabled Token Manager.
 
 *Configuration*
 
@@ -124,7 +124,9 @@ authCookieSetter:
   expires-ttl: 86400     # Defines the duration (in seconds, default 1 day) for which the cookie is valid
 ```
 
-When using JWT tokens, the cookie can be updated by calling `POST /token/cookie?renew`. The query parameter `renew` forces the `jwtTokenManager` to update the JWT.
+When using JWT tokens, the cookie can be updated by calling `POST /token/cookie?renew`. The query parameter `renew` forces the `jwtTokenManager` to generate a new JWT token.
+
+You can also add the `?renew` query parameter to `GET /token` or `GET /token/cookie` requests to force token renewal.
 
 ===== authCookieHandler
 
@@ -358,12 +360,10 @@ jwtTokenManager:
     issuer: restheart.com
 ----
 
-The query parameter renew-auth-token forces the token to be renewed.
+The query parameter `renew` forces the token to be renewed. Add it to `GET /token` or `GET /token/cookie` requests (e.g., `GET /token?renew`).
 
-Generating a new token is a cryptographic operation,
-and it can have a significant performance overhead.
-It is responsibility of the client to renew the token using this query parameter
-when it is going to expiry somehow soon.
+Generating a new token is a cryptographic operation and can have a significant performance overhead.
+It is the responsibility of the client to renew the token using this query parameter when it is going to expire soon.
 
 
 === Avoid browsers to open the login popup window

docs/security/how-clients-authenticate.adoc

@@ -252,6 +252,47 @@ fetch('[RESTHEART-URL]/mycollection', {
 .catch(error => console.error('Error:', error));
 ----
 
+===== Token Renewal
+
+To renew an authentication token before it expires, add the `?renew` query parameter to `GET /token` or `GET /token/cookie` requests:
+
+==== cURL
+[source,bash]
+----
+curl -i -X GET [RESTHEART-URL]/token?renew \
+  -u [BASIC-AUTH]
+----
+
+==== HTTPie
+[source,bash]
+----
+http GET [RESTHEART-URL]/token?renew \
+  Authorization:"Basic [BASIC-AUTH]"
+----
+
+==== JavaScript
+[source,javascript]
+----
+const username = 'your-username';
+const password = 'your-password';
+const credentials = btoa(`${username}:${password}`);
+
+fetch('[RESTHEART-URL]/token?renew', {
+    method: 'GET',
+    headers: {
+        'Authorization': `Basic ${credentials}`
+    }
+})
+.then(response => response.json())
+.then(data => {
+    console.log('New access token:', data.access_token);
+    sessionStorage.setItem('auth_token', data.access_token);
+})
+.catch(error => console.error('Error:', error));
+----
+
+NOTE: Generating a new token is a cryptographic operation and can have significant performance overhead. It is the responsibility of the client to renew the token using this query parameter when it is going to expire soon.
+
 ===== Cookie-Based Authentication
 
 For browser-based applications, use the `/token/cookie` endpoint to set an HttpOnly cookie (more secure as the token isn't exposed to JavaScript):