Need some clarification on why refresh tokens are themselves getting refreshed

When doing a bearer token refresh, I notice the server returns a new refresh token as well - in order to refresh again, I need to send the new refresh token. If I send the old one I get an “invalid_request” response. Is this supposed to be done this way? It seems overkill to have both the bearer and refresh tokens reset.

If for some reason I fail to save the refresh token (maybe an exception gets thrown as I handle the new data, before I can persist it), I will be permanently locked out of refreshing, and the user will have to go through the authorization flow again. It also doesn’t help that the error message (invalid_request) is vague - should I force the user to re-authorize on all invalid_request errors?

@addamss Hi!
Can you help me understand how you make use of the request tokens to interact with Nextcloud?
I am using Node.js and want to use this request token to upload and delete the files to Nextcloud, any ideas? Currently, I am doing it with username and password!