JWT authentication – multiple refresh token flow
In my application, when users provide a username and password, they retrieve a access and refresh token. Let’s call these a1 and r1 This is then stored on the client.
If a hacker manages to steal these tokens, they could use r1 to call th…