Because the token is linked to a specific browser session, the user must go back to their browser, ensure they are still logged into Deezer, and copy the new ARL token. Sometimes, the user must actually log out of Deezer in the browser and log back in to force the generation of a fresh, valid token.
Deezer's internal servers use OAuth 2.0 and client certificates. No public token has ever bypassed that. Deezloader Token