markitosgv / JWTRefreshTokenBundle

Implements a Refresh Token system over Json Web Tokens in Symfony
MIT License

Auto refresh with lexik #186

Open dev-yann opened 4 years ago

dev-yann commented 4 years ago

It appears that the problem was already reported but closed here https://github.com/markitosgv/JWTRefreshTokenBundle/issues/147. But my question is less specific.

In fact I would like to split this solution into 3 cases:

  1. Request with a non-expired token => everything is fine.
  2. Request with an expired token but the refresh_token is in the headers (or a cookie, as you prefer), so the refresh action is called.
  3. Request with all tokens expired => return 401.

I would like to know if any better solution exists, or if #147 is the only way? Finally, I find this feature very perfect because we can control the JWT and stay stateless, and if the JWT is not enough we can control user integrity with the refresh_token in the database (not stateless), so, does nothing suggest such an implementation? Thanks for your time and your mercy 🙏

Jayfrown commented 2 years ago

I think it would be better to have the client periodically and explicitly refresh the JWT (by hitting the /refresh endpoint with a valid refresh_token) rather than have the server do this 'under the hood'.