JWT as refresh token

[milaan-muc]

Should i use JWT for both access and refresh tokens? Guides i found so far are just talking about a random string for the refresh token but the Nuxt Auth docs are saying:

refreshToken -> maxAge:
Here you set the expiration time of the token, in seconds. This time will be used if for some reason we couldn't decode the token to get the expiration date. You can set it to false if your refresh token doesn't expire.

I assume, if Nuxt Auth should get the expiration date from the token it has to be a JWT one, right?

BTW: Anyone has a good tutorial which is update to date and covers rotating refresh tokens with nuxt auth?

[arnaud16571542]

My backend server handle refresh token as secret random key stored in redis and it works, but you could use jwt as well.
I used both methods and it worked. I use secret random key because it is provided with my backend, and you could have need of redis if you want to revoke your jwt refresh token.