wp-graphql / wp-graphql-jwt-authentication

Authentication for WPGraphQL using JWT (JSON Web Tokens)
GNU General Public License v3.0
337 stars 74 forks

Refresh Token without credentials #148

Open rafalwawrzyk opened 2 years ago

rafalwawrzyk commented 2 years ago

I have a question about the jwtRefreshToken. Is it possible to refresh this token if it is close to expiring, without a mutation with credentials? Passing credentials is always a security issue, and as I think, if we have generated a single refresh token, why can't we make another mutation with the previous refreshToken, as we have a similar query with authToken?

ojohnny commented 2 years ago

jwtRefreshToken is automatically refreshed on every request and returned in the header x-jwt-refresh, so it is possible to write the appropriate networking middleware to automatically handle this (if your tech stack of choice allows it, of course).

But perhaps an explicit endpoint for this would be good as well? We already have refreshJwtAuthToken, so a refreshJwtRefreshToken might not be a bad idea.
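The networking middleware ojohnny describes, as an added example that is not part of the thread or the plugin's own code: a fetch wrapper that stores the rotated token from the x-jwt-refresh header on every response and, when the auth token is about to expire, obtains a new one through the existing refreshJwtAuthToken mutation. The endpoint URL, the in-memory store shape and the mutation's input field name (jwtRefreshToken) are assumptions.

```javascript
// Added example (not from the thread or the plugin): a fetch wrapper that
// rotates the refresh token from the x-jwt-refresh response header on every
// request and refreshes the auth token via refreshJwtAuthToken before it
// expires. The endpoint, store shape and mutation input are assumptions.

// Decode the JWT payload only to read `exp`; no signature check is done
// here, the server remains the sole verifier of the token.
function jwtExpiry(token) {
  const payload = String(token).split('.')[1];
  if (!payload) return 0;
  const json = Buffer.from(payload.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
  return Number(JSON.parse(json).exp) || 0;
}

function isExpiringSoon(token, skewSeconds = 60, now = Date.now() / 1000) {
  return jwtExpiry(token) - now < skewSeconds;
}

// Keep the refresh token the plugin sends back on every response.
function rotateRefreshToken(response, store) {
  const next = response.headers.get('x-jwt-refresh');
  if (next && next !== store.refreshToken) store.refreshToken = next;
  return store.refreshToken;
}

// Wraps fetch: refreshes the auth token when close to expiry, attaches it as
// a Bearer token, and stores any rotated refresh token from the response.
function createGraphqlClient({ endpoint, store, fetchImpl, skewSeconds = 60 }) {
  const post = (body, token) => fetchImpl(endpoint, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', ...(token ? { Authorization: `Bearer ${token}` } : {}) },
    body: JSON.stringify(body),
  });
  return async function request(query, variables = {}) {
    if (store.authToken && isExpiringSoon(store.authToken, skewSeconds)) {
      const res = await post({
        query: 'mutation($t: String!) { refreshJwtAuthToken(input: { jwtRefreshToken: $t }) { authToken } }',
        variables: { t: store.refreshToken },
      });
      rotateRefreshToken(res, store);
      const data = await res.json();
      store.authToken = data?.data?.refreshJwtAuthToken?.authToken ?? store.authToken;
    }
    const res = await post({ query, variables }, store.authToken);
    rotateRefreshToken(res, store);
    return res.json();
  };
}
```

The wrapper never stores credentials; only the short-lived auth token and the rotating refresh token live in `store`, which is the property the original question asks for.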