#jamietannaI'll probably only issue refresh_tokens for now to clients that I know need that persistent access like my own, whereas I'll want other clients to force to re-auth (particularly in the case where I want to limit exposure / leakage of tokens)