Confusion with Refresh Token Logic and Storage in Authentication Module

[fahizp]

Problem:

The logic for generating and managing refresh tokens in the authentication module is unclear.
Currently, refresh tokens are generated using an API endpoint named generate token, but the correct timing for generating these tokens is not well understood.
Additionally, refresh tokens are being stored in the database, and the reasoning behind storing them in the database is unclear.

Module Affected: Authentication Module

Expected Behavior:

Clear understanding and implementation of when and how refresh tokens should be generated.
Clarification on the need for storing refresh tokens in the database.

Actual Behavior:

Uncertainty regarding the refresh token generation process and its timing.
Unclear rationale for storing refresh tokens in the database.

Request for Help:

Guidance on the correct logic for refresh token generation.
Clarification on whether storing refresh tokens in the database is necessary or if there’s a better approach.