Refresh tokens contain the information required to obtain a new access token. This access token can then be used to authenticate the user without them having to re-authenticate. This is primarily useful for mobile applications that are installed on a device.
Usually, a user will need a new access token only after the previous one expires, or when gaining access to a new resource for the first time.
Refresh tokens are subject to strict storage requirements to ensure that they are not leaked. Refresh tokens can also be blacklisted by the authorization server.
See the Refresh Token page for information on how to obtain, view and revoke refresh tokens.