If you decided to implement JWT tokens, then of course you should implement refresh tokens! Implementing refresh tokens is easy, and it improves the customer experience.
What do I mean by that? Without refresh tokens, when a JWT expires the user is logged out and has to log in again to get a fresh JWT. The solution for this is a "refresh token".
What changes when you implement refresh tokens? When an API call returns 401 Unauthorized (which in this scheme means the JWT has expired), your client sends, behind the scenes, a request containing the expired JWT and the refresh token. The server validates both the expired JWT and the refresh token, and if they are valid it returns a fresh pair of JWT and refresh token to the client. The client can then retry the request that initially failed.
I am doing this YouTube series named "Advanced REST API with Express JS", in which I will give you best practices for developing your REST API with Express and Node.js.
In this episode I am showing you how to implement refresh tokens:
Feel free to watch the whole series on: https://www.youtube.com/watch?v=CLdkGgv9Miw&list=PLs1waz0ZKTGO7agN0cntpe6ro6TIka0ow&index=2&t=0s
Please support me by subscribing to my channel.