OAuth 2.0 defines two types of tokens - access tokens are used on API calls to protected resources, and refresh tokens are used to obtain new access tokens. Beyond implying that refresh tokens have a longer lifetime than access tokens, the specification says nothing about what lifetime is appropriate for either.
With that as a given, I will attempt to provide a conceptual framework by which lifetimes might be chosen for access and refresh tokens (RT).
It presumes that token lifetimes are pushed up (longer) or down (shorter) based on:
The risk associated with the application.
How often the application is used.
Overly simplistic Claim #1 - A refresh token only serves a purpose if its lifetime is longer than the average time period between application usages
Apps that are used only infrequently therefore demand longer RT lifetimes - because otherwise the RT would have expired before it was ever used.
But this consideration can be overridden by application sensitivity/risk.
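The framework above, worked through as an added example (not code from the original post): it checks Claim #1 against a constructed history of application use, and goes a step further than the text by sizing the refresh-token lifetime on a percentile of the observed gaps rather than the average, then capping it by a hypothetical risk tier. The tier names, caps and usage timestamps are assumptions made up for the illustration.

```python
import math
from datetime import datetime, timedelta

# Hypothetical risk tiers: an upper bound on refresh-token lifetime in days
# that usage frequency is not allowed to push past (constructed values).
RISK_CAPS_DAYS = {"low": 90, "medium": 30, "high": 1}

def usage_gaps_days(timestamps):
    """Gaps (in days) between consecutive uses of the application, ascending."""
    ts = sorted(timestamps)
    return sorted((b - a).total_seconds() / 86400 for a, b in zip(ts, ts[1:]))

def rt_serves_purpose(timestamps, rt_lifetime_days):
    """Claim #1 as stated: the RT is useful only if it outlives the average gap."""
    gaps = usage_gaps_days(timestamps)
    return bool(gaps) and rt_lifetime_days > sum(gaps) / len(gaps)

def reauth_fraction(timestamps, rt_lifetime_days):
    """Fraction of returns to the app that would find the RT already expired."""
    gaps = usage_gaps_days(timestamps)
    if not gaps:
        return 0.0
    return sum(1 for g in gaps if g > rt_lifetime_days) / len(gaps)

def recommend_rt_lifetime_days(timestamps, risk, coverage=0.95):
    """Shortest lifetime covering `coverage` of observed gaps, capped by risk tier.

    A percentile rather than the average keeps one long absence from
    stretching the lifetime, and the risk cap wins whenever it is shorter.
    """
    gaps = usage_gaps_days(timestamps)
    cap = RISK_CAPS_DAYS[risk]
    if not gaps:
        return cap
    idx = max(0, math.ceil(coverage * len(gaps)) - 1)
    return min(gaps[idx], cap)

# Constructed sample: an app opened weekly, with one 30-day absence.
_START = datetime(2024, 1, 1)
WEEKLY_USES = [_START + timedelta(days=d)
               for d in (0, 7, 14, 21, 28, 35, 42, 49, 56, 63, 93)]

if __name__ == "__main__":
    for rt_days in (7, 14, 30):
        print(rt_days, rt_serves_purpose(WEEKLY_USES, rt_days),
              reauth_fraction(WEEKLY_USES, rt_days))
    for risk in RISK_CAPS_DAYS:
        print(risk, recommend_rt_lifetime_days(WEEKLY_USES, risk))
```

For the weekly app a 7-day lifetime fails Claim #1 while 14 days passes it, yet both leave one return in ten needing re-authentication; the "high" tier cap pulls the recommendation down to a day regardless.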