PHP API, OAuth2 workflow

Correct except:

Once that is done I use the refreshAccessToken() method with which I get the refresh token which lasts for 10 years.

You exchange the code for the accessToken (valid for 1 hour) and you also get the refresh token (valid for 10 years):

$accessToken = $client->dispatcher->fetchToken($_GET['code']);
$refreshToken = $client->dispatcher->refreshToken;

When the accessToken has expired, you use the refreshToken to get a new accessToken (the code I shared).
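
An added example, not part of the original reply and not the library's own code: one way to cache the one-hour access token and use the long-lived refresh token only when the access token is about to expire. The `TokenStore` class, the file path and the `$refresh` callable are hypothetical; wrap your client's own refresh call in that callable.

```php
<?php
declare(strict_types=1);
final class TokenStore
{
    private const SKEW = 60; // refresh this many seconds before expiry
    // $refresh is a hypothetical callable: refresh token in,
    // ['access_token' => ..., 'expires_in' => ...] out.
    public function __construct(private string $path, private $refresh) {}

    // Call once after the code exchange, and again after every refresh.
    public function save(string $access, string $refreshToken, int $expiresIn): void
    {
        $json = json_encode(['access_token' => $access, 'refresh_token' => $refreshToken,
            'expires_at' => time() + $expiresIn], JSON_THROW_ON_ERROR);
        $tmp = $this->path . '.tmp';
        $old = umask(0077); // a newly created file is owner-only
        try {
            if (file_put_contents($tmp, $json, LOCK_EX) === false) {
                throw new RuntimeException('cannot write token file');
            }
        } finally {
            umask($old);
        }
        chmod($tmp, 0600);          // also covers a pre-existing temp file
        rename($tmp, $this->path);  // atomic replace on the same filesystem
    }

    public function accessToken(): string
    {
        $raw = file_get_contents($this->path);
        if ($raw === false) {
            throw new RuntimeException('no stored tokens; run the code exchange first');
        }
        $t = json_decode($raw, true, 8, JSON_THROW_ON_ERROR);
        if ($t['expires_at'] - self::SKEW > time()) {
            return $t['access_token']; // still valid, no network call
        }
        $new = ($this->refresh)($t['refresh_token']);
        // Keep the old refresh token unless the server rotated it.
        $this->save($new['access_token'], $new['refresh_token'] ?? $t['refresh_token'], (int) $new['expires_in']);
        return $new['access_token'];
    }
}

// Constructed demo: a fake refresher stands in for the real client call.
$store = new TokenStore(sys_get_temp_dir() . '/oauth_demo.json',
    fn (string $rt): array => ['access_token' => 'new-access', 'expires_in' => 3600]);
$store->save('old-access', 'demo-refresh', 0); // stored as already expired
echo $store->accessToken(), PHP_EOL;
```

Because the refresh token stays valid for years, the file that holds it deserves the same protection as a password: keep it outside the web root and readable only by the account that runs the script.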