A refresh token just helps you re-validate a user without them having to re-enter their login credentials multiple times . The access token is re-issued, provided the refresh token is a valid one requesting permission to access confidential resources.