Use Differents Kinds of Scope
Fleetinguse differents kinds of scope for access token
For the day to day stuff in OAuth 2.0, use a very long lived refresh token with a very small scope.
For the critical stuff, ask for a more critical scope and don’t provide refresh token.
That way, the day to day use is straight forward and the critical stuff needs to login again.