So why does a web application need a refresh token? The main reason to use refresh tokens in web applications is to reduce the lifetime of an access token . When a web application obtains an access token with a lifetime of five to 10 minutes, that token will likely expire while the user is using the application.