danvega / jwt

Spring Security + JWT

Refresh tokens #8

Open nnurmano opened 1 year ago

nnurmano commented 1 year ago

The blog post https://www.danvega.dev/blog/2022/09/06/spring-security-jwt says the following:

When you reach the point where the trade-offs for self-signed JWTs are not acceptable. An example might be the moment you want to introduce refresh tokens.

Could you please elaborate on this? Does it mean that with an OAuth server, we should not be using refresh tokens?

Nilliam commented 3 months ago

I think he meant that it is not possible to use refresh tokens in this setup, hence if you want or need an extra layer of security, maybe it's worth considering another approach.