once login, receive access token and refresh token. store them safely in client's side.
when access token expires and an attempt to retrieve resource fails, attempt to renew tokens using refresh tokens. then update the local store according. if this fails then automatically log out.
when logout, clear locally stored tokens and send a request to server to remove refresh token stored in db
once login, receive access token and refresh token. store them safely in client's side. when access token expires and an attempt to retrieve resource fails, attempt to renew tokens using refresh tokens. then update the local store according. if this fails then automatically log out. when logout, clear locally stored tokens and send a request to server to remove refresh token stored in db