In the previous three chapters, we worked on the full end-to-end process of fetching an access token and using it to make an API call. We demonstrated this in a variety of ways, using the two most common methods for requesting an access token, as well as using the three methods for passing an access token in a protected resource access request. This works great for a single API call. However, what happens when you want to make multiple API calls over a longer period of time? Or, more specifically, how do we deal with expired access tokens? This is what we will be exploring next.

In this chapter, we will look at the optional workflow for refreshing your access token using what's called a refresh token. This workflow ...