When generating the initial access_token, I get back a refresh_token along with it that I can then use to refresh the access_token down the road. On the flip side, when I do a refresh, I get back a much longer id_token instead of another refresh_token. What is this id_token used for?
@jeremyw you can just ignore that
id_token . That is a different kind of token usually used for oidc conformant authorizations which we are not really using. We’ll just probably remove it from the response.
Also remember your refresh token wont change, unless you request for a brand new access token which will come with its own refresh token.