Let’s build the underlying design for it.
Log in the user using the credentials and verify it later…
A token is stored on the server side and client side. If the user now attempts to access the page, use this token to authenticate the user
The access token is first verified, and if the access token expires, the refresh token is verified to generate a new access token and refresh token.
If the refresh token also expires, redirect the user to the login route. After success the credentials generate a new access token and refresh the token and repeat the same cycle.
Note: Each time a new token is generated, we generate new access tokens and reference tokens.