Hello @vinamelody,
Welcome to the community!
With SPAs, ID and Access Tokens are obtained from the authorization server and typically cached in memory. Token renewal (due to refreshing the browser, memory cache eviction budgets, or expiration) is handled by the SDK.
This means that the frontend code can rely on the SDK to manage Refresh Tokens’ exchange for new Access Tokens.
If you look in the dashboard application settings, you can see the Refresh Token expiration time. By default, it is 720 hours (2592000 seconds).
Since the error message says inavlid_grant, it may be possible that the application is not configured to accept Refresh Token grants. You can check this by opening the “Advanced Settings” menu within your application’s settings in the dashboard.
