The refreshToken is valid for 7 days.
Auth Best Practices and Middleware flow:
We recommend storing all the information returned by SignIn and SignUp.
Every request except SignIn and SignUp require the accessToken in the header.
refreshToken is used to refresh the accessToken in the refresh-access-token endpoint.
Typical auth middleware flow: If any API request returns a 401 response code, this means the accessToken needs to be refreshed. Call the /auth/refresh-access-token endpoint. If this request returns a 401 as well, it means the refreshToken is expired. If the refreshToken is expired, remove the access and refresh tokens from local storage, call the /auth/revoke-refresh-token endpoint, then finally log the user out.