Hi there, just had a quick question. If I have a refresh token (after signing in successfully with PKCE) and then I use that refresh token to get a new access token, I get both an access token and an id token, but for some reason I was also expecting a new refresh token to be received in the response?
Should I be getting a new refresh token every time I use my current refresh token? Or will I only get one when I revoke my current one first and have the user sign in again?
Basically when it comes to access and refresh tokens: Access Tokens can be renewed at any time using Refresh Tokens , they should be renewed when old ones have expired, or when getting access to a new resource for the first time. Refresh Tokens never expire.