Create a Refresh Token Feature in your Strapi Application

I solved!
to make api/token/refresh to public
add “auth:false” in config.

plugin.routes['content-api'].routes.push({
    method: 'POST',
    path: '/token/refresh',
    handler: 'auth.refreshToken',
    config: {
      policies: [],
      prefix: '',
      auth:false
    }
  });