Spartacus works differently than Accelerator. In the Accelerator, the session expires after a determined idle time. The counter is reset each time the user triggers a request. In Spartacus, the “access_token” has a fixed time to live which does not depend on the user being active or not. This is why you use a “refresh_token” to seamlessly get a new access token when the user’s current “access_token” expires. In the System/OAuth tab in Backoffice, you can manage OAuth clients and access tokens.

I recommend you use a “refresh_token” which Spartacus will automatically use to request a new access token once the current one expires. You can read more about the session management in Spartacus here.

You can read this page on how to setup handle refreshing an expired token here and here.

If the Spartacus state has a refresh token, the Spartacus will send it to renew the access token.