Refresh Token
Back
Definition
A refresh token is a long-lived credential that allows an application to get a new access token without asking the user to sign in again. It is usually issued during an authentication or authorization flow and stored securely by the application.
Why it matters
Refresh tokens matter because access tokens are often short-lived for security reasons. They help keep users signed in while still limiting how long an access token can be used if it is exposed or stolen.
Example use case
A user stays signed in to a mobile app for several weeks. When the app’s access token expires, the app uses a refresh token to request a new one without interrupting the user.