A cronjob or server task would use an App Access/Client Credentials token.
This kind of token doesn’t come with a refresh token.
When it expires just get a new token.
If running a user token in a cronjob then you would use the refresh token to get a new token, but if the refresh fails you’ll need to seed a new user/refresh token. (This applies for when keeping sub data in sync or something)