Because access tokens are valid for only a short period of time, when a client acquires an access token to access a protected resource, the client also receives a refresh token. The refresh token is used to obtain new access/refresh token pairs when the current access token expires.
The presence of the refresh token means that the access token will expire and you’ll be able to get a new one without the user’s interaction.
Refresh tokens are also used to acquire extra access tokens for other resources.
how long do refresh tokens last?