onError Authentication with refresh token best practice

In the documentation for onError there is the following code:

onError(({ graphQLErrors, networkError, operation, forward }) => {
  if (graphQLErrors) {
    for (let err of graphQLErrors) {
      switch (err.extensions.code) {
        // Apollo Server sets code to UNAUTHENTICATED
        // when an AuthenticationError is thrown in a resolver
        case "UNAUTHENTICATED":
          // Modify the operation context with a new token
          const oldHeaders = operation.getContext().headers;
            headers: {
              authorization: getNewToken(),
          // Retry the request, returning the new observable
          return forward(operation);

  // To retry on network errors, we recommend the RetryLink
  // instead of the onError link. This just logs the error.
  if (networkError) {
    console.log(`[Network error]: ${networkError}`);

My question is in regards to the getNewToken, in order to make a request to the backend here do you need to use a rest api or is there a natively supported apollo/graphql way to do it, say even executing a query or mutation here.

The problem with trying to execute a query in the function getNewToken() would be the fact that this code has to be in the top level react component sine onError needs to be used in ApolloClient like:

const apolloClient = new ApolloClient({
  cache: new InMemoryCache(),
  link: from([authLink, errorLink, httpLink]),

Thus I am wondering if there is a graphql way to do this or if I just need to add express to my server and use axios to make a request here. I posted this question with a few more details on stackoverflow but figured it would be good to ask here as well, here is the original post