you should be able to pass previous token to refresh token route and get a new token without user interacting with. What I usually do is, I store retrieved access_token and create a timestamp 30 seconds before it expires in session storage. Since all my requests require valid access token, before sending each request I check timestamp to see if the token is already expired. if so then I will send a request to refresh token request to get a new token with old token. once I receive the new token replace the old stored values with new ones and continue actual request. If refresh token fails then I redirect user to login page since user's session is already timed out and token is no longer valid.