Implement JWT refresh token #6
Description
long lived refresh token stored securely on client should be used to get/refresh short-lived acess tokens:
- https://auth0.com/docs/tokens/refresh-token
- https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/
There must be mechanism for refresh token revocation!