Regarding Thomas Lee's comment, when you make a request of type 'refresh_token', unlike what is described in Spotify's API documentation, the response does not return a refresh_token; it only provides the new token to be used. What I noticed is that the refresh_token is unique. In other words, the first time you make a request for an authorized user, it will give you a refresh_token, and it will not change. However, in subsequent responses, it will not return this refresh_token again. What I did on the frontend was to store this refresh_token, and every time a request of type 'refresh_token' is made, I manually add the previously saved refresh_token.