Strong reason to not send refresh token on every request?
I’m creating a backend that supports authentication with JWT tokens. I’m using the classic access token / refresh token combo.
the access token is valid for 5 minutes and allows the users to perform some actions. It’s not checked against … Continue reading Strong reason to not send refresh token on every request?