Yes, using the OAuth 2.0 refresh grant flow you can obtain a new access token without providing the username and password again. You will have to provide the refreshToken returned during the session open call or the password grant flow. Refresh grant tokens are valid for 24 hours.