Hi @shahzad.adil,
OAuth 2.0 is a delegation protocol. Its entire purpose is to allow a 1st party (a person typically) to delegate authority to a 3rd party to act on their behalf. For example, allowing Zoom to manage events in my Google calendar so Zoom can add my video calls directly.
Since access tokens expire (and usually have a short lifetime) a refresh token allows the 3rd party to get new access tokens so it can continue working on behalf of the user. Without refresh tokens, the user would be asked to re-authorize the 3rd party every time a new access token was required. Imagine continuous pop-ups on your phone or browser asking you to re-authorize Zoom to access your calendar.
However, refresh tokens are optional. If you do not request offline_access
you won’t get a refresh token and the 3rd party’s access will expire.