I've been testing the Dropbox OAuth2 endpoints for a few days and I have read the documentation provided directly by Dropbox. However, it is not clear to me how I'm supposed to handle the acquisition of a new refresh token after the first one has been used. The documentation, diagrams, and code samples do not mention this use case as far as I have seen.
In short, I can use one of the available authentication schemes (implicit, PKCE, etc.) to get a token and a refresh token, but then what? I have a Python client running in my environment that needs to connect 24/7, which currently works with long-term tokens, but how do I avoid needing to constantly click 'Allow' when I need to refresh the token? The only way I've been able to reconnect is to send the user back to the browser to get a code. What is supposed to happen when a refresh token expires and how do I deal with it using the implicit and PKCE flows?
In most of the other APIs I've used, asking for a new token returns yet another refresh token, which can be done repeatedly without limitation and that's what I need to do in this case as well. I want my users to authorize the app one time and then never need to do so again; that's the end goal.