What are the differences between a `code`, an `access_token` and a `refresh_token`?

Check the comparison table below to understand the differences between them:

Type	When is it created?	Lifetime	How many times can it be used?	What do we use it for?
`code`	When the end-user successfully authenticates	5 minutes	Only once	To get the initial `access_token` and `refresh_token`
`access_token`	When the `code` is exchanged When the `access_token` is refreshed	Up to 1 hour	Unlimited, within the lifetime	To request the user’s data
`refresh_token`	When the `code` is exchanged	Usually 90 days	Unlimited, within the lifetime	To keep refreshing the `access_token` and retrieving until the consent is expired

Check out the blog posts below on discussions about tokens:

More