javascript - JWT refresh Token Implementation

Question

Instead of returning two tokens after login, can I put the refresh token inside the access token?

When the access token becomes expired, user needs to pass the expired token to get a new access token. When the expired token reached to server I will extract the refresh token from it and will check the expiry time of the refresh token if it's ok then I will return a new token with the same refresh token within it. If it's not ok then the user will be logged out and need to be login.

question from:https://stackoverflow.com/questions/65841371/jwt-refresh-token-implementation

Answer 1

It is possible to save a refresh token inside of an access token, and then access it on refresh but I don't see why you would want to do that? I never seen anyone do that so I would say it maybe isnt good practice. I would just stick to keeping them separate in the header.