diff --git a/docs/authentication/operations.mdx b/docs/authentication/operations.mdx
index 1bc1979f01..103ab2f002 100644
--- a/docs/authentication/operations.mdx
+++ b/docs/authentication/operations.mdx
@@ -191,7 +191,7 @@ mutation {
## Refresh
-Allows for "refreshing" JWTs. If your user has a token that is about to expire, but the user is still active and using the app, you might want to use the `refresh` operation to receive a new token by sending the operation the token that is about to expire.
+Allows for "refreshing" JWTs. If your user has a token that is about to expire, but the user is still active and using the app, you might want to use the `refresh` operation to receive a new token by executing this operation via the authenticated user.
This operation requires a non-expired token to send back a new one. If the user's token has already expired, you will need to allow them to log in again to retrieve a new token.
@@ -237,13 +237,6 @@ mutation {
}
```
-
- The Refresh operation will automatically find the user's token in either a JWT header or the
- HTTP-only cookie. But, you can specify the token you're looking to refresh by providing the REST
- API with a `token` within the JSON body of the request, or by providing the GraphQL resolver a
- `token` arg.
-
-
## Verify by Email
If your collection supports email verification, the Verify operation will be exposed which accepts a verification token and sets the user's `_verified` property to `true`, thereby allowing the user to authenticate with the Payload API.
diff --git a/packages/graphql/src/resolvers/auth/refresh.ts b/packages/graphql/src/resolvers/auth/refresh.ts
index 0722fed8a3..e2af3916ae 100644
--- a/packages/graphql/src/resolvers/auth/refresh.ts
+++ b/packages/graphql/src/resolvers/auth/refresh.ts
@@ -1,24 +1,15 @@
import type { Collection } from 'payload'
-import { extractJWT, generatePayloadCookie, isolateObjectProperty, refreshOperation } from 'payload'
+import { generatePayloadCookie, isolateObjectProperty, refreshOperation } from 'payload'
import type { Context } from '../types.js'
function refreshResolver(collection: Collection): any {
- async function resolver(_, args, context: Context) {
- let token
-
- token = extractJWT(context.req)
-
- if (args.token) {
- token = args.token
- }
-
+ async function resolver(_, __, context: Context) {
const options = {
collection,
depth: 0,
req: isolateObjectProperty(context.req, 'transactionID'),
- token,
}
const result = await refreshOperation(options)
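Review bot: `resolver` carries no comment recording that the session being refreshed is now determined solely by `context.req.user`, since the second parameter is discarded as `__` and `options` no longer carries a token. A one-line comment above `async function resolver` would make that intent explicit and help keep a caller-supplied token from being reintroduced later, for example `// Refresh acts on the authenticated context.req.user only; a token argument is intentionally not accepted.` The resolver body continues past the end of this hunk.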
diff --git a/packages/graphql/src/schema/initCollections.ts b/packages/graphql/src/schema/initCollections.ts
index a7395c058e..75b3aedcb4 100644
--- a/packages/graphql/src/schema/initCollections.ts
+++ b/packages/graphql/src/schema/initCollections.ts
@@ -416,9 +416,6 @@ function initCollectionsGraphQL({ config, graphqlResult }: InitCollectionsGraphQ
},
},
}),
- args: {
- token: { type: GraphQLString },
- },
resolve: refresh(collection),
}
diff --git a/packages/next/src/routes/rest/auth/refresh.ts b/packages/next/src/routes/rest/auth/refresh.ts
index bc65e441d4..9c77ca90c3 100644
--- a/packages/next/src/routes/rest/auth/refresh.ts
+++ b/packages/next/src/routes/rest/auth/refresh.ts
@@ -1,5 +1,5 @@
import httpStatus from 'http-status'
-import { extractJWT, generatePayloadCookie, refreshOperation } from 'payload'
+import { generatePayloadCookie, refreshOperation } from 'payload'
import type { CollectionRouteHandler } from '../types.js'
@@ -7,29 +7,15 @@ import { headersWithCors } from '../../../utilities/headersWithCors.js'
export const refresh: CollectionRouteHandler = async ({ collection, req }) => {
const { t } = req
- const token = typeof req.data?.token === 'string' ? req.data.token : extractJWT(req)
const headers = headersWithCors({
headers: new Headers(),
req,
})
- if (!token) {
- return Response.json(
- {
- message: t('error:tokenNotProvided'),
- },
- {
- headers,
- status: httpStatus.UNAUTHORIZED,
- },
- )
- }
-
const result = await refreshOperation({
collection,
req,
- token,
})
if (result.setCookie) {
diff --git a/packages/payload/src/auth/operations/refresh.ts b/packages/payload/src/auth/operations/refresh.ts
index 65a668f2e0..345575a294 100644
--- a/packages/payload/src/auth/operations/refresh.ts
+++ b/packages/payload/src/auth/operations/refresh.ts
@@ -22,7 +22,6 @@ export type Result = {
export type Arguments = {
collection: Collection
req: PayloadRequestWithData
- token: string
}
export const refreshOperation = async (incomingArgs: Arguments): Promise => {
@@ -63,7 +62,7 @@ export const refreshOperation = async (incomingArgs: Arguments): Promise
},
} = args
- if (typeof args.token !== 'string' || !args.req.user) throw new Forbidden(args.req.t)
+ if (!args.req.user) throw new Forbidden(args.req.t)
const parsedURL = url.parse(args.req.url)
const isGraphQL = parsedURL.pathname === config.routes.graphQL
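Review bot: The new guard `if (!args.req.user) throw new Forbidden(args.req.t)` accepts any request that has a user attached, so from the visible lines a fresh JWT is issued regardless of how that user was authenticated or which collection it belongs to. If `req.user` can be populated by something other than this collection's JWT (an API key or a custom strategy, which is not visible here), the operation would turn that credential into a session token. Consider tightening the guard to something like `if (!args.req.user || args.req.user.collection !== args.collection.config.slug) throw new Forbidden(args.req.t)`, or add a comment stating why that is unnecessary. This guard is also now the only rejection path for the REST handler, which previously answered a missing token with 401 and `error:tokenNotProvided`, so clients that key on 401 to trigger a re-login should be checked. `refreshOperation` continues outside the hunk, so a later check may already cover the collection case.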