The API returns a short-lived token (JWT), which expires in 15 minutes, and in HTTP cookies, the refresh token expires in 7 days. JWT is currently used for accessing secure ways on API, whereas a refresh token generates another new JWT access token when it expires or even before .
Read moreHow do I refresh user token?
To use the refresh token, make a POST request to the service’s token endpoint with grant_type=refresh_token , and include the refresh token as well as the client credentials if required .
Read moreWhy do we need refresh token?
So why does a web application need a refresh token? The main reason to use refresh tokens in web applications is to reduce the lifetime of an access token . When a web application obtains an access token with a lifetime of five to 10 minutes, that token will likely expire while the user is using the application.
Read more