I think I am missing something, but it seems to me that when you try an endless number of random UUIDs at the refresh-token endpoint, at some point you get a JWT of a random user?
Probably this is secure because guessing a random UUID is almost impossible.
But why can it be saved unencrypted to a database while you would save a password hashed? Because if your database is compromised, you can log in with it?
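
One way to handle the storage concern raised in the question, as an added example that is not part of the original post: keep only a SHA-256 digest of each refresh token in the database and look tokens up by digest, so a copy of the table cannot be replayed at the endpoint. The class name, the in-memory dict standing in for the table, and the one-hour lifetime are assumptions.

```python
import hashlib
import secrets
import time


class RefreshTokenStore:
    """In-memory stand-in for a refresh-token table (hypothetical schema)."""

    def __init__(self):
        # Maps sha256(token) hex digest -> (user_id, expires_at).
        self._rows = {}

    @staticmethod
    def _digest(token: str) -> str:
        # A plain fast hash is sufficient: the token is long random data,
        # not a human-chosen password, so no salt or slow KDF is needed.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id, ttl_seconds=3600, now=None):
        """Create a token, store only its digest, return the raw token."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (user_id, now + ttl_seconds)
        return token  # the raw value exists only on the client side

    def lookup(self, token, now=None):
        """Return the user id for a valid token, or None."""
        now = time.time() if now is None else now
        row = self._rows.get(self._digest(token))
        if row is None or row[1] < now:
            return None  # unknown guess or expired token
        return row[0]

    def dump(self):
        """What someone with read access to the table would obtain."""
        return list(self._rows)


if __name__ == "__main__":
    store = RefreshTokenStore()
    raw = store.issue("alice")          # constructed sample user
    print("client presents raw token:", store.lookup(raw))
    stolen = store.dump()[0]            # value copied from the table
    print("stolen digest presented:  ", store.lookup(stolen))
```
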