I agree with @Hackinet and @Kamyar Safari. To better understand the scenario, an authorization code is needed at first which will be used to get an access token and refresh token. If the access token expires, the refresh token can be used to obtain a new one. However, to avoid any errors, ensure that your scopes match during the initial authorization and that the correct client_id and client_secret is used.

You can also take a look at this related Stack Overflow post. The question was made years ago but it could still provide some helpful insights.