A closer look at the refresh token flow
If you recall from our discussion on access tokens in Chapter 3, Four Easy Steps, access tokens don't live forever. They have an expiry time which is often quite brief, usually on the order of minutes or hours. When your access token finally expires, what do you do? If your client is trusted, is using the authorization code grant flow, and the service provider you are integrating with supports the refresh token flow, then you can use a refresh token to fetch a new, valid access token.
To find out whether or not your service provider supports the refresh token flow, refer to their documentation. If so, you can expect to see a refresh_token value returned alongside your access_token value in your access token response (only with the authorization code grant flow). If you don't see this refresh token value present, then your service provider probably doesn't support it. However, if they do, you can make a refresh request, passing in this refresh token...
