Is there a way to replace the use of username and password authentication so that a third party can authenticate into salesforce with access/refresh tokens indefinitely after a one time authentication with username and password. Our company is a partner with salesforce and we receive many concerns with customers and third party integrations using username and password flows. We would like to be able to use access and refresh tokens instead. Currently, I can only find a way to get 1 refresh token per manual UI login with a webserver flow. We would like to be able to grant access with a 1 time login to obtain a curl code and use that to obtain a access token and refresh token and then get refresh tokens indefinitely. This is so that a third party integration doesn't have to worry about passwords expiring/changing on a designated integration user, interrupting the integration. We could set the password to never expire but, that loosens security by never changing passwords. Is there a way to accomplish this with web-server flow? Is there another way to use tokens to authenticate instead of username/passwords? The integration has to be code only with no UI so, authenticating via salesforceUI is not an option. Any Ideas or previous successes?