panva
commented
3 years ago I don't believe there's anything to explain. "Refresh Token" schemes outside of OAuth 2.0 actual Refresh Tokens are dime a dozen. Better to not open a can of worms calling something a refresh token.
Previously, https://github.com/paragonie/paseto/issues/104