When a user requests a resource and is logged in, there should be some middleware which looks up the user data and then populates the request object for other middleware to use.
The refeshToken and access token should only store the users id or email
When a user requests a resource and is logged in, there should be some middleware which looks up the user data and then populates the request object for other middleware to use.
The refeshToken and access token should only store the users id or email