RefreshTokens
Refresh tokens are credentials used to obtain new access tokens in OAuth 2.0 and OpenID Connect flows. They are issued by the authorization server alongside an access token after a successful authorization, and are intended to preserve a user session without requiring re-authentication.
When an access token expires, the client can request a new one by sending a request to
Security and best practices are central to refresh token use. Because refresh tokens typically have longer
Scope and implementation details vary by provider. Refresh tokens are commonly used with confidential clients and
Lifecycle considerations include token lifetimes set by policy, with refresh tokens lasting from days to weeks