Thanks!
Just to be clear, you says both Access and Refresh Tokens should be stored… But from reading the refresh page, only the Refresh Token is passed back to refresh the Access Token. What’s the reason for long-term storing the Access Token?
And I see the Refresh Token is passed back… I assume it also changes anytime we refresh the Access Token?