JWT and refresh tokens
I need some advice on how to handle refresh tokens.
Is it "good enough" if I generate two JWT tokens (accessToken, refreshToken), and let the refreshToken just contain one claim, being the userID? And whenever I do an API call from the client and it returns a 401, I then call a /refresh API call, to get a new accessToken and retry the request - as long as the refreshToken is valid?
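
The flow the post describes (call the API, on a 401 call /refresh once, then retry the request), as an added example that is not part of the original post. The names `createApiClient`, `transport` and `fakeServer`, the Bearer header for the refresh token and the `/refresh` response shape are assumptions, and the in-memory server is constructed so the code runs offline.

```javascript
// Added example; every name here is hypothetical, not from the original post.
function createApiClient(transport, tokens) {
  let refreshing = null; // shared promise so parallel 401s trigger one /refresh

  async function refresh() {
    const res = await transport({
      method: "POST", path: "/refresh",
      headers: { Authorization: `Bearer ${tokens.refreshToken}` },
    });
    if (res.status !== 200) {
      tokens.accessToken = null; // refresh token rejected: user must log in again
      throw new Error("refresh rejected");
    }
    tokens.accessToken = res.body.accessToken;
  }

  function send(req) {
    const headers = { ...req.headers, Authorization: `Bearer ${tokens.accessToken}` };
    return transport({ ...req, headers });
  }

  return async function call(req) {
    const res = await send(req);
    if (res.status !== 401) return res;
    // One refresh attempt, shared by every caller that hit the 401 together.
    refreshing = refreshing || refresh().finally(() => { refreshing = null; });
    await refreshing;
    return send(req); // retry exactly once; a second 401 goes back to the caller
  };
}

// Constructed in-memory server: accepts one refresh token, one current access token.
function fakeServer(validRefresh) {
  const stats = { refreshCalls: 0 };
  const current = "access-2";
  const transport = async (req) => {
    const bearer = (req.headers.Authorization || "").slice(7);
    if (req.path === "/refresh") {
      stats.refreshCalls++;
      return bearer === validRefresh
        ? { status: 200, body: { accessToken: current } }
        : { status: 401, body: {} };
    }
    return bearer === current ? { status: 200, body: { ok: true } } : { status: 401, body: {} };
  };
  return { transport, stats };
}
```

The retry is bounded to one attempt and a rejected refresh clears the access token, so an invalid refresh token ends in a login prompt instead of a 401/refresh loop.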
