jeffatflowdotnet

How, Why, and When does an OAuth Refresh Token REALLY expire?

From http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com#Token_Refresh:

In this situation, the client application can use the refresh token to obtain a new access token. The refresh token represents the user's access grant to the application, and is valid until explicitly revoked by the user, via Setup ➤ My Personal Information ➤ Remote Access.

This is untrue.

I have a remote application that uses the OAuth web server flow. After I generate refresh and access tokens for a user, I fetch that user's data (accounts, contacts, leads, etc.) periodically. When the access token expires I generate a new one using the refresh token. This all happens in a long running process.

If I kill this process and start it up the next day or a few hours later, I receive an error message from the API telling me that the access token / refresh token has expired. If I try to refresh the token, I receive the same error message from the refresh token API endpoint. I take this to mean that the refresh token has also expired.

The user has not revoked access to the application nor has logged into any salesforce related applications or created any new salesforce browsing sessions. So nothing has happened except the passing of time.

Why is this happening? Can I prevent this in any way? As it stands now, this totally defeats the purpose of the refresh token schema.

Update:

Since there are no replies and many views: Does anyone periodically fetch data from salesforce accounts without storing a user's username and password, and without having the users constantly reauthorize your external application? What does your workflow look like?
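One way to structure the periodic job described above so that an expired refresh token is handled explicitly instead of failing silently (an added example, not code from the original post or from Salesforce): the client posts the standard refresh_token grant to the Salesforce token endpoint, and classifies the reply. A successful reply yields a new access token; an invalid_grant reply (the "expired access/refresh token" error this thread is about) flags the user for re-authorization through the web server flow, so the job never needs the user's password and never loops on a dead refresh token. The host name, client credentials and token values below are constructed placeholders, and the transport is injected so the example runs offline.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Salesforce OAuth 2.0 token endpoint (production login host).
TOKEN_URL = "https://login.salesforce.com/services/oauth2/token"


class ReauthorizationRequired(Exception):
    """Raised when the refresh token itself is no longer accepted."""


def build_refresh_request(client_id, client_secret, refresh_token):
    """Form-encoded body for the refresh_token grant."""
    return urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }).encode()


def parse_refresh_response(status, body):
    """Classify the token endpoint's JSON reply.

    Returns the new access token on success. Raises ReauthorizationRequired on
    'invalid_grant' so the caller sends the user back through the web server
    flow. Any other error is raised as a generic failure that may be retried.
    """
    data = json.loads(body)
    if status == 200 and "access_token" in data:
        return data["access_token"]
    if data.get("error") == "invalid_grant":
        raise ReauthorizationRequired(data.get("error_description", "invalid_grant"))
    raise RuntimeError(f"token refresh failed: {data.get('error')}: {data.get('error_description')}")


def refresh_access_token(client_id, client_secret, refresh_token, transport):
    """Refresh via the token endpoint; transport(url, body) returns (status, body_bytes)."""
    status, body = transport(TOKEN_URL, build_refresh_request(client_id, client_secret, refresh_token))
    return parse_refresh_response(status, body)


def http_post(url, body):
    """Real transport: POST the form body and return (status, body) even on 4xx."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


# Constructed replies, modelled on the error text quoted later in this thread.
FAKE_OK = (200, json.dumps({
    "access_token": "00Dxx0000000000!EXAMPLE",  # placeholder value
    "instance_url": "https://example.my.salesforce.com",  # placeholder host
    "token_type": "Bearer",
}).encode())
FAKE_EXPIRED = (400, json.dumps({
    "error": "invalid_grant",
    "error_description": "expired access/refresh token",
}).encode())


def fake_transport(reply):
    """Offline transport that always returns the given (status, body) pair."""
    return lambda url, body: reply


def sync_once(store, client_id, client_secret, transport):
    """One cycle of the periodic job: refresh the access token, and on a dead
    refresh token mark the user as needing re-authorization instead of retrying."""
    try:
        store["access_token"] = refresh_access_token(
            client_id, client_secret, store["refresh_token"], transport)
        store["needs_reauth"] = False
    except ReauthorizationRequired as why:
        store["needs_reauth"] = True
        store["reason"] = str(why)
    return store


if __name__ == "__main__":
    # Replace fake_transport(...) with http_post to talk to a real org.
    for reply in (FAKE_OK, FAKE_EXPIRED):
        state = sync_once({"refresh_token": "placeholder-refresh-token"},
                          "placeholder-client-id", "placeholder-secret", fake_transport(reply))
        print(state)
```

The job only ever persists the refresh token and the latest access token; when needs_reauth is set, the application asks that user to go through the authorization URL again, which is the only supported recovery once Salesforce reports invalid_grant.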

Mario Lim
I'm starting to use the RefreshToken flow and can confirm that this happens. I store the refreshToken and when trying to use it later on it does not refresh any longer with the message:

{ [invalid_grant: expired access/refresh token] name: 'invalid_grant' }

Does anyone know under what conditions the refreshToken is no longer valid?
shengbin cao
Did you guys find a solution on this?
Vaughan Coder 6
@Shengbin Cao I am also looking for an answer to this.
Singer-Clark

I, as well! For the 2 questions:

1) how long do refresh tokens really last?
2) if they don't last forever, what are people doing to avoid storing username/password for your remote application's users?