#GWGaaronpk is the OAuth2 expert, but if I understand it correctly, and why I was one of those pushing for it, is that short-lived access tokens with refresh are better than a long-lived token for clients where you want them to have access for a longer period of time