👋 Has anyone implemented a refresh jwt-token logic? Ideally I would like to protect the

/refresh-token

route so it will require the access token in order to verify that refresh-token corresponds with the same access token. Is there a way for this route to be executed even if the token is expired?

optional = false

will only bypass auth if there is no token, but it will return Unauthorized and will not execute route if the token is expired

authenticate {
        get("/refresh-token") {
            // TODO Refresh Access Token
        }
    }