
Refresh Token

Session Management

A longer-lived token used to get new access tokens.

Definition

A refresh token lets an app get a new access token without asking you to log in again.

In plain English: A longer-lived token used to get new access tokens.

Why this matters

A refresh token lasts longer than an access token, so protecting it is critical.

Example

Your phone app stays logged in because it can refresh tokens in the background.