To allow for applications to remain authenticated for long periods in a world of expiring tokens, we allow for sessions to be refreshed, in accordance with the guidelines in “Refreshing an Access Token” in the OAuth2 RFC. Generally, refresh tokens are used to extend the lifetime of a given authorization.
Token expirations do not affect existing tokens. In the future, we will revoke permanently-lived sessions.
Forever tokens are going away for user based tokens