How to fix that Withings developer API refresh token gets expired within 4 Hours?

Question

I have implemented an Java interface for OAuth2 of the Withings API ( http://developer.withings.com/oauth2/ ). Initially, there will be processed the Authorization Token ( http://developer.withings.com/oauth2/img/OauthDiagram.jpg ) that will be sent from the Withings backend to my server. With the Authorization Token I successfully get an Access Token and a Refresh Token. In turn, with the Access Token I can get the actual data from the resource server. The Refresh Token can successfully be used to get a new Access Token BUT ONLY roughly within 4 Hours. "Refresh Token" in http://developer.withings.com/oauth2/#tag/glossary describes that the Refresh Token will be "valid for one year". So I don't know where is my fault.

This is a cut-out of the log where the mechanism works at 2 PM but not a 6 PM. The App was granted access to user data with USER_ID at roughly 2 PM.

Aug 08, 2019 2:00:46 PM UserAccessData renewAccessToken
INFORMATION: Withings refresh access token request: grant_type=refresh_token&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN&redirect_uri=REDIRECT_URI
Aug 08, 2019 2:00:46 PM UserAccessData renewAccessToken
INFORMATION: Withings refresh access token response: {"access_token":"ACCESS_TOKEN","expires_in":10800,"token_type":"Bearer","scope":"user.info,user.metrics,user.activity","refresh_token":"REFRESH_TOKEN","userid":USER_ID}
[...]
Aug 08, 2019 6:00:45 PM UserAccessData renewAccessToken
INFORMATION: Withings refresh access token request: grant_type=refresh_token&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN&redirect_uri=REDIRECT_URI
Aug 08, 2019 6:00:46 PM UserAccessData renewAccessToken
INFORMATION: Withings refresh access token response: {"errors":[{"message":"invalid_grant: Invalid Params: invalid refresh_token"}]}
Aug 08, 2019 6:00:46 PM AccessTokenUpdaterTask run
SEVERE: UserAccessData of User with UserID USER_ID could not be renewed and refreshed properly

I don't know which Java snippet I should provide, because eg the renewAccessToken-Method works at 2 PM. Is that probably a misconfiguration at Withings backend (I think that they use GuzzleHTTP, because that is stated in their User-Agent when sending notifications to my server)? They don't answer E-Mails to their provided partner-Email ( http://developer.withings.com/oauth2/#tag/FAQ ).

Answer 1

After refreshing/initial registration the REFRESH_TOKEN in the 'Withings refresh access token response'

{"access_token":"ACCESS_TOKEN","expires_in":10800,"token_type":"Bearer","scope":"user.info,user.metrics,user.activity","refresh_token":"REFRESH_TOKEN","userid":USER_ID}

is the same for 4 Hours, but will ALSO be renewed and sent back in that response when requesting a new access token after these 4 Hours. So one have to save the ACCESS_TOKEN AND the REFRESH_TOKEN from that response when requesting a new access token.