Step 4 – Refresh your access token
The access tokens that you receive in Step 2 - Get your access token often aren't perpetual. Most tokens issued to you will have an expiry time. This may differ depending on the service provider you are integrating with as well as the properties of your client, but this is usually on the order of minutes or hours. Once it expires, it can no longer be used to access protected resources. To continue to access protected resources, you have two options:
Start the entire authentication process again. This may require your user to log back in.
Attempt to refresh the access token using the accompanying refresh token. This can be done without any user interaction, and so should be used whenever possible.
What if I don't have a refresh token?
As mentioned in the Sometimes a refresh token section earlier, refresh tokens are only returned in the authorization code grant type flow, and only when the service provider supports it. This is because this flow deals with trusted...
