So, I've been assigned a task to create APIs for an Instagram-like application, and Laravel is the framework that we decided to go with. I'm setting up authentication, and the last time I did it, it was just with long-lived access tokens (JWT). You know, like once users authenticate they're issued a long-lived access token which they provide on every subsequent request. In fact, I'm thinking about doing this again.
But, I've recently learned that long-lived access tokens are bad. They can be stolen and misused. Short-lived access tokens must be used and should be renewed by a refresh token.
So, how do I introduce this "refresh token" into this client-server stateless architecture?
Kindly share your experience.
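As an added illustration (not part of the question or any answer on this page), here is a minimal Python model of the flow the question describes: short-lived signed access tokens that the API verifies statelessly, plus opaque refresh tokens stored only as hashes server-side so they can be rotated and revoked. The signing key, TTLs and in-memory store are constructed stand-ins for what would be config and a database table in a real Laravel app.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-signing-key"   # assumption: server-side HMAC key
ACCESS_TTL = 15 * 60                         # access token lives 15 minutes
REFRESH_TTL = 30 * 24 * 3600                 # refresh token lives 30 days

# Constructed in-memory stand-in for a refresh_tokens DB table.
# Keyed by SHA-256 of the token, so a DB leak does not leak usable tokens.
refresh_store = {}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_access_token(user_id: str, now: int) -> str:
    """Self-contained signed token (JWT-like): payload.signature, no server state."""
    payload = json.dumps({"sub": user_id, "exp": now + ACCESS_TTL}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def verify_access_token(token: str, now: int):
    """Return the user id if signature and expiry check out, else None."""
    try:
        p64, s64 = token.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except ValueError:
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(payload)
    return claims["sub"] if claims["exp"] > now else None

def issue_refresh_token(user_id: str, now: int) -> str:
    raw = secrets.token_urlsafe(32)              # opaque, high-entropy
    key = hashlib.sha256(raw.encode()).hexdigest()
    refresh_store[key] = {"sub": user_id, "exp": now + REFRESH_TTL, "used": False}
    return raw

def login(user_id: str, now: int):
    return issue_access_token(user_id, now), issue_refresh_token(user_id, now)

def refresh(raw: str, now: int):
    """Rotate: each refresh token is single-use; reuse revokes the user's whole set."""
    rec = refresh_store.get(hashlib.sha256(raw.encode()).hexdigest())
    if rec is None or rec["exp"] <= now:
        return None
    if rec["used"]:                              # replay of a rotated token: likely theft
        for k in [k for k, r in refresh_store.items() if r["sub"] == rec["sub"]]:
            del refresh_store[k]
        return None
    rec["used"] = True
    return issue_access_token(rec["sub"], now), issue_refresh_token(rec["sub"], now)
```

The API endpoints stay stateless for normal requests (only the HMAC check runs); state is touched only on the refresh endpoint, which is where logout and revocation also live.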