There is no expiry time provided for refresh token in this documentation (https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/#OAuthonBitbucketCloud-Refreshtokens).
Or will the refresh token stay without expiry ?
Will this answer still holds true ? https://community.atlassian.com/t5/Answers-Developer-Questions/Does-the-oauth-2-refresh-token-expire/qaq-p/574230
Refresh tokens don't expire. I guess answer holds good as I found another thread which had the same link as mentioned used in the answer https://community.atlassian.com/t5/Bitbucket-questions/Does-the-refresh-token-obtained-through-the-OAuth-2-0-for-Apps/qaq-p/1417743
For authentication yes access token and secret is used.
Refresh tokens are just credential artifact which allows client application to get a new access tokens without having to ask the user to log in again.
Let me explain in detail about refresh token and working.
A refresh token is a special token that is used to obtain additional access tokens. This allows you to have short-lived access tokens without having to collect credentials every time one expires. You request a refresh token alongside the access and/or ID tokens as part of a user's initial authentication and authorization flow. Applications must then securely store refresh tokens since they allow users to remain authenticated.
For clients such as native apps, persistent refresh tokens help improve a user's authentication experience. For example, persistent refresh tokens allow a user to access streaming video services on their smart TV without signing in after they complete the initial device authorization.