Invalid Refresh Token due to Expired token

We are getting the Invalid Refresh Token error, and it turns out that the refresh_token has a 6-month expiration and we failed to refresh it.

I know that a scheduled job will fix this, but we already have affected users.

Is it possible to re-create the refresh tokens without asking our users to re-connect their KEAP accounts again in our Integration?

No, if you’ve let a Refresh Token lapse (and I should note that the current lifetime of Refresh Tokens is 45 days, not 6 months) you will have to re-authorize to obtain a new one. That is a standard security measure from the OAuth2 specification:

https://www.rfc-editor.org/rfc/rfc6749#section-1.5
(H) The authorization server authenticates the client and validates the refresh token, and if valid, issues a new access token (and, optionally, a new refresh token).

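The scheduled job mentioned in the question, as an added example (not code from the original posts or from Keap): it refreshes before the 45-day lifetime runs out, stores a new refresh token when one is issued, and flags connections that receive `invalid_grant` for re-authorization. `Connection`, `REFRESH_MARGIN` and `fake_endpoint` are hypothetical names, and the token endpoint is passed in as a callable so the block runs offline.

```python
import time
from dataclasses import dataclass

DAY = 86400
REFRESH_LIFETIME = 45 * DAY  # refresh token lifetime stated in the answer above
REFRESH_MARGIN = 7 * DAY     # assumed safety margin for the scheduled job

@dataclass
class Connection:  # hypothetical per-user token record
    user: str
    refresh_token: str
    issued_at: float  # epoch seconds when this refresh token was issued
    access_token: str = ""
    needs_reauth: bool = False

def due_for_refresh(conn, now):
    """True once the refresh token is within REFRESH_MARGIN of expiring."""
    age = now - conn.issued_at
    return not conn.needs_reauth and age >= REFRESH_LIFETIME - REFRESH_MARGIN

def apply_token_response(conn, resp, now):
    """Update conn from an RFC 6749 token response; return True on success."""
    if resp.get("error") == "invalid_grant":
        # Expired or revoked refresh token: only a new authorization recovers it.
        conn.needs_reauth = True
        return False
    if "error" in resp:
        return False  # other errors: leave state untouched, retry next run
    conn.access_token = resp["access_token"]
    if "refresh_token" in resp:
        # A new refresh token is optional; when issued, store it.
        conn.refresh_token = resp["refresh_token"]
        conn.issued_at = now
    return True

def run_scheduled_refresh(conns, token_endpoint, now=None):
    """Refresh every due connection; return users who must re-authorize."""
    now = time.time() if now is None else now
    for conn in conns:
        if due_for_refresh(conn, now):
            request = {"grant_type": "refresh_token", "refresh_token": conn.refresh_token}
            apply_token_response(conn, token_endpoint(request), now)
    return [c.user for c in conns if c.needs_reauth]

def fake_endpoint(request):  # constructed stand-in for the real token endpoint
    if request["refresh_token"] == "rt-lapsed":
        return {"error": "invalid_grant"}
    new_rt = request["refresh_token"] + "-rotated"
    return {"access_token": "at-new", "refresh_token": new_rt, "expires_in": 3600}
```

The returned list is the set of users to prompt for re-connection; every other connection keeps working without user action.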