Laravel

API authentication controller in laravel?

Hello. I am writing a laravel passport based authentication api for a mobile app. Users do not have a password. They log in with an SMS code. First, they enter a phone number -> an SMS code is sent to them -> and then there is a login request (with an SMS code in the request body) to the following controller method:

public function login(Request $request, User $user)
    {
        if ($request->get('phone_code') === $user->phone_code) {
            Auth::login($user, true);
            $token = $user->createToken($user->phone);

            return response()->json(["user" => auth()->user(), 'token_type' => 'Bearer', 'token' => $token->accessToken], 200);
        } else {
            return response()->json(["message" => "Wrong code"], 403);
        }
    }

This returns the access-token that will be sent in the headers on every request to the server. This token is valid for exactly one day in our system. In a day, it will become invalid and the user will have to request the code again by SMS. I wouldn't like it. At his first login, I would like to generate and give him a refresh token, which is valid for two weeks, in addition to the access token. And the next day, when the user's access token expires, he will not log out, and the application will send a request using a refresh token to get new tokens and he will remain logged in to the system and will already contact the server with a new access token. Actually the question is how to generate both an access token and a refresh token if the user does not have a password. Please tell me how can I achieve what I want?
And am I thinking right? After all, according to this scenario, mobile applications and spa applications allow users to stay in the system and not enter the password each time after the access token expires?