The refresh_token used to access the API is valid for a single use.

Hi everyone,

I'm currently working on establishing a connection between an external application and the Sugar API. Initially, I'm using the password grant_type for my first connection attempt.

```json
{
"grant_type": "password",
"client_id": "{{client_id}}",
"client_secret": "{{client_secret}}",
"username": "{{username}}",
"password": "{{password}}",
"platform": "{{platform}}"
}
```

This setup successfully returns both the access_token and the refresh_token. I'm storing these tokens in my cache and utilizing the access_token for operations. However, after an hour, the access_token expires, prompting me to use the refresh_token to obtain a new access_token.

```json
{
"grant_type": "refresh_token",
"refresh_token": "{{refresh_token}}",
"client_id": "{{client_id}}",
"client_secret": "{{client_secret}}",
"platform": "{{platform}}"
}
```

Here's where the issue arises: the refresh_token can only be used once. Subsequent attempts to use the same refresh_token fail, as it changes after its initial use. I'm unsure if this behavior is intended or if it's a bug. Moreover, I'm struggling to grasp the practical use case for the refresh_token if it's only usable once.

Your insights on this matter would be greatly appreciated.

Thanks.