Session 2.1 - Refresh token unnecessary for login

Issue #368 resolved
Michael Jones created an issue

The spec currently says "In either case, an ID Token will also be returned along with the Access Token when submitting a Refresh Token to the Token Endpoint if the initial authorization request included id_token in the response_type parameter." About this, Yaron Goland wrote:

This is again mixing up login and general OAuth functionality. Login doesn’t have a refresh token because you can’t refresh a login token, you get a new one by repeating the login process.

I recognize the desire as stated in the next sentence to use the login token as a session identifier but I think this is all pretty backwards.

As discussed in the new approach, if someone gets a login token and at the same time gets session oriented permissions (as opposed to open ended permissions) to access protected resources, then access tokens should come back for those protected resources and those access tokens should last just as long as the id token and be renewed in exactly the same way, by having the user login again. No refresh token. No mixing of login tokens and access tokens. And yes, systems like Facebook can short circuit all of this and just use the id token as an access token if they want.
