What is the difference between refresh and access tokens?
Updated
Access tokens are temporary credentials that grant access to a protected resource, while refresh tokens are used to obtain new access tokens once the current ones expire.
When a user logs in to their Teya account and authorizes an application, they are granted an access token and a refresh token. The access token is used to authenticate API requests to access protected resources, while the refresh token is used to obtain new access tokens once the current ones expire.
To exchange a refresh token for a new access token, the application sends a refresh token request to the authorization server, which verifies the refresh token and issues a new access token in response. This process can continue until the refresh token itself expires or is revoked.