I’m asking myself: what are the benefits of a refresh token over saving the user’s password (securely) on the user’s device and performing a transparent (background) login with their credentials to get a fresh new access token?
Note: you would have to “identify” first in order to perform the background login (Face/Touch ID/PIN fallback).
That emulates a refresh token flow, only instead of using said refresh token to extend the access token, we just re-login the user transparently to get a fresh new one.
Are there security implications in doing so vs a standard refresh token flow?