Hi @Maik Brauer
Thank you for reaching out to the community forum!
Your understanding is correct. Access Token is used; refresh tokens in the Microsoft identity platform are designed to be used to obtain new access tokens when the current access token expires.
When you use a refresh token to obtain a new access token, you also receive a new refresh token with a renewed lifetime. This cycle can continue indefinitely, as long as the refresh token is used within its validity period to obtain a new one. However, the maximum time period before which a refresh token can be used to acquire a new access token, if your application had been granted the offline_access scope, is 14 days. The minimum (inclusive) is 24 hours. So, the refresh token can't be used forever. If you’re using the refresh token within its validity period, you can’t extend the session beyond the maximum lifetime set for the refresh token. After the maximum lifetime is reached, the user will need to re-authenticate to obtain a new refresh token.
Reference: https://learn.microsoft.com/EN-US/entra/identity-platform/refresh-tokens
https://learn.microsoft.com/en-us/entra/identity-platform/configure-token-lifetimes
Hope this helps. Do let us know if you have any further queries.
Thanks,
Akhilesh.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
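The client-side handling that the answer above implies, as an added example (not part of the original answer and not Microsoft's code): the client stores the refresh token returned by each refresh and falls back to interactive sign-in when a refresh is rejected. The token endpoint is a constructed in-memory simulation; the 14-day window is the figure quoted in the answer, while the 90-day session maximum and all class and function names are assumptions made for illustration.

```python
DAY = 86400  # seconds

class InvalidGrant(Exception):
    """Stand-in for the OAuth 2.0 `invalid_grant` error response."""

class SimulatedTokenEndpoint:
    """Constructed simulation of a token endpoint, not the real service."""
    def __init__(self, rt_window, session_max):
        self.rt_window, self.session_max = rt_window, session_max
        self.issued = {}      # refresh token -> (session start, issue time)
        self.counter = 0

    def _issue(self, session_start, now):
        self.counter += 1
        rt = f"rt-{self.counter}"
        self.issued[rt] = (session_start, now)
        return {"access_token": f"at-{self.counter}", "refresh_token": rt}

    def sign_in(self, now):               # interactive authentication
        return self._issue(now, now)

    def refresh(self, rt, now):           # grant_type=refresh_token
        session_start, issued_at = self.issued.get(rt, (None, None))
        if issued_at is None or now - issued_at > self.rt_window \
                or now - session_start > self.session_max:
            raise InvalidGrant("refresh token expired or unknown")
        return self._issue(session_start, now)   # new token, renewed window

class Client:
    def __init__(self, endpoint, now):
        self.endpoint, self.interactive_sign_ins = endpoint, 0
        self._sign_in(now)

    def _sign_in(self, now):
        self.interactive_sign_ins += 1
        self.tokens = self.endpoint.sign_in(now)

    def get_access_token(self, now):
        try:
            # Replace the stored refresh token with the one just returned.
            self.tokens = self.endpoint.refresh(self.tokens["refresh_token"], now)
        except InvalidGrant:
            self._sign_in(now)            # user has to re-authenticate
        return self.tokens["access_token"]

def simulate(refresh_every_days, total_days, rt_window=14 * DAY, session_max=90 * DAY):
    """Return how many interactive sign-ins the user needed over the period."""
    client = Client(SimulatedTokenEndpoint(rt_window, session_max), 0)
    for day in range(refresh_every_days, total_days + 1, refresh_every_days):
        client.get_access_token(day * DAY)
    return client.interactive_sign_ins
```

Refreshing weekly keeps the session alive until the assumed session maximum forces a new sign-in, while refreshing every 15 days misses the 14-day window each time.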