Olaf,

Getting a new token with the refresh token that you get from azure is possible by constructing the right request this is described here. Doing this without user interaction seems possible, there should be no need for user interaction. However when looking at the documentation from the OAuth implementation of Google the usage of the refresh token is not encouraged, don't know if the same applies to azure.

From Google:

Note that there are limits on the number of refresh tokens that will be issued; one limit per client/user combination, and another per user across all clients. You should save refresh tokens in long-term storage and continue to use them as long as they remain valid. If your application requests too many refresh tokens, it may run into these limits, in which case older refresh tokens will stop working.

Caching the access code should be possible the only thing that you'll nee to take into account is that if you're using a non-persistent entity that the Mendix server will garbage collect your entity when it is no longer being referenced. So you either need to store the code in a persitent entity or make sure the non-persitent entity is being referenced al the time (would not recommed either option). I would try and get the refresh code working in order to obtain a new access code for your REST webservice calls.