Access token clarification

[spire-mike]

Can somebody please explain how authorization is supposed to work with this library? Do I need to pass in the access_token parameter myself, or does the library handle generating it for me using the refresh_token in the my_credentials? I set up my credentials in code like the docs mention:

my_credentials = dict(
    refresh_token='your-refresh_token',
    client_id='your-client_id',
    client_secret='your-client_secret',
    profile_id='your-profile_id',
)

Then I attempt to make a call like this:

result = CampaignsV3(credentials=my_credentials, marketplace=Marketplaces.NA).list_campaigns(body={})

However, I receive a 401 unauthorized error. If I use the refresh token and same credentials to manually make an HTTP request and retrieve an access token, and then pass that token into the call, it returns a response successfully:

result = CampaignsV3(credentials=my_credentials, marketplace=Marketplaces.NA, access_token='my-access-token').list_campaigns(body={})

I am confused whether or not I am supposed to be keeping track of access tokens myself, or if the library does this for me using th refresh token I provide.

Can somebody please help?