We use tokens to authenticate users and authorize requests without keeping session data on the server. Tokens are data confirming a user’s identity and are analogous to digital signatures.
...
Refresh tokens : In OAuth 2.0 authorization frameworks, refresh tokens allow developers to manage users’ sessions across native, web-based, and single-page apps. They allow users to log in and stay connected without providing their passwords for long periods. Further, they add a layer of security for sensitive data, improving the user experience.
...
When the Token is invalid ?
the resource server refuse to fulfill the request and sends an invalid response
the app sends a new access token request using the refresh token
the authorization server uses the previously supplied refresh token and sends a new access token