Refresh token or create new token when access_token expired

I’m using two legged authentication which work find until I get token expired.

I stored the refresh_token when I got the response:

{
  "token_type": "bearer",
  "access_token": "<--redacted-->",
  "expires_in": 7776000,
  "refresh_token": "<--redacted-->"
}

Then if the token invalid then I use refresh_token to get the new one.

curl https://api.particle.io/oauth/token -u "tempmon06-3459:<--redacted-->" -d grant_type= refresh_token

All works well, but until I have an account which doesn’t login a long time(more than 90 days I think) then I got token invalid error again. I think refresh_token has expired. not sure if correct.

Then I changed my strategy to create new token every time the token expires by using

curl https://api.particle.io/oauth/token -u "tempmon06-3459:<--redacted-->" -d grant_type= client_credentials

Which works fine. Then I inject successfully the token and try to use it. I got the new token. But when setup WIFI, it fails on the last step "X Verify device ownership"

Like this image I found in the community.

Not sure what should I do next. Does the way I create new token is wrong, or did I missed any important step?

What I am thing is when generate the new token the token doesn’t know which user? If so I used this way:

which is

curl -X POST https://api.spark.io/oauth/token \ 
  -d 'username=<YOUR_PASSWORD> \ 
  -d 'password=<YOUR_PASSWORD>' \ 
  -d 'grant_type=password' \
  -d 'client_id=<WHATEVER>' \
  -d 'client_secret=<WHATEVER>'

But still no luck.

Any help? thanks a lot!