While long lived access tokens may be convenient for early development, we really need to implement refresh tokens in FOLIO so our access tokens can be short lived. We should get to this sooner rather than later.
As I didn't see an existing JIRA filed for refresh tokens, this has been created to ensure we keep it visible on our backlog. We also have some decisions to make regarding refresh token implementation, such as validation, expiration, revocation, and rotation. There are likely suitable third-party libraries worth considering as well, so we're not re-inventing the wheel here.