Tags: authentication, token, session-state, refresh-token, session-management

Refreshing the Refresh Token


The way I understand access tokens and refresh tokens is as follows:

  1. Authenticate to the app.
  2. Receive a (short-lived) access token and a (longer-lived) refresh token.
  3. Request resources from the app with the access token.
  4. If the access token has expired, request a new access token with the refresh token.
  5. When the refresh token expires, the user must reauthenticate.

Let's imagine the refresh token is valid for 30 days. On day 30 the user is in the middle of some business and his refresh token expires. Does he get automatically logged out? I haven't seen that happen...

So what is "refreshing the refresh token" without the user manually inputting credentials?


Solution

  • Every time the application asks for a new Access Token (step 4 in your list), it can also be given a new Refresh Token, with an even later expiry.

    Effectively, the lifetime of the Refresh Token is the maximum idle time of the user's session.
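The sliding-expiry behaviour the answer describes, as an added example that is not code from the question or the answer: a hypothetical in-memory `TokenService` issues an access/refresh pair at login, and every use of the refresh token (step 4) consumes it and issues a new pair whose refresh expiry is 30 days from that moment. The clock is injectable so the idle-timeout behaviour can be exercised without waiting.

```python
import secrets
import time

ACCESS_TTL = 15 * 60             # 15 minutes (assumed value)
REFRESH_TTL = 30 * 24 * 60 * 60  # 30 days, as in the question


class TokenService:
    """Hypothetical in-memory token issuer demonstrating refresh-token rotation."""

    def __init__(self, now=time.time):
        self.now = now                # injectable clock, used by the test below
        self._access = {}             # access token  -> (user, expires_at)
        self._refresh = {}            # refresh token -> (user, expires_at)

    def _issue_pair(self, user):
        issued = self.now()
        access = secrets.token_urlsafe(32)
        refresh = secrets.token_urlsafe(32)
        self._access[access] = (user, issued + ACCESS_TTL)
        self._refresh[refresh] = (user, issued + REFRESH_TTL)
        return access, refresh

    def login(self, user):
        # Steps 1-2: credentials are checked elsewhere; hand out a fresh pair.
        return self._issue_pair(user)

    def authenticate(self, access_token):
        # Step 3: resolve an access token to a user, or None if unknown/expired.
        entry = self._access.get(access_token)
        if entry is None or self.now() >= entry[1]:
            return None
        return entry[0]

    def refresh(self, refresh_token):
        # Step 4: the presented refresh token is consumed (single use) and a new
        # pair is issued, so the refresh expiry slides forward with every use.
        entry = self._refresh.pop(refresh_token, None)
        if entry is None:
            return None
        user, expires_at = entry
        if self.now() >= expires_at:
            return None               # Step 5: idle too long, must log in again
        return self._issue_pair(user)

    def refresh_expires_at(self, refresh_token):
        # Exposes the current expiry of a live refresh token (None if unknown).
        entry = self._refresh.get(refresh_token)
        return None if entry is None else entry[1]
```

Because the old refresh token is removed on use, a second presentation of it fails, which keeps the number of live refresh tokens per session at one.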