Hey @User. I was going through your middleware code here:
https://pastebin.com/HZaRcsDQ
A few points:
- I do not see anything specific to integration with PassportJS. Am I missing something?
- Line 23, you call the refreshSession function. This implies that you are sending the refresh token on each API call as well. This is incorrect, as the refresh token is to be sent ONLY to the refresh API. That API should not use this middleware.
- If the refreshSession function (in the refresh API) throws a session expired error, then you should either ask the user to sign in again, or create a new session.
- If the getSession function throws a TRY_REFRESH_TOKEN error, then you should send 440 to the frontend (which will then try to call the refresh API).
If I have misunderstood your code, please feel free to correct me.
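
The flow described in the points above, sketched as an added example that is not part of the original message or the pastebin code. The session functions are injected so the block runs without any library; only TRY_REFRESH_TOKEN and the 440 status come from the message, and the factory names, the SESSION_EXPIRED label and the 401/200 statuses are assumptions.

```javascript
// Added example. Only TRY_REFRESH_TOKEN and the 440 status come from the post;
// every other name and status code here is an assumption for illustration.
const TRY_REFRESH_TOKEN = "TRY_REFRESH_TOKEN";
const SESSION_EXPIRED = "SESSION_EXPIRED"; // assumed label for the expired-session error

// Guards ordinary API routes. It verifies the session and never calls
// refreshSession, so these routes have no need to receive the refresh token.
function makeSessionMiddleware(getSession) {
  return async function sessionMiddleware(req, res, next) {
    try {
      req.session = await getSession(req, res);
    } catch (err) {
      if (err && err.type === TRY_REFRESH_TOKEN) {
        // Frontend reacts to 440 by calling the refresh API, then retrying.
        return res.status(440).json({ error: "try refresh token" });
      }
      return next(err); // anything else goes to the app's error handler
    }
    return next();
  };
}

// Mounted on the refresh route only, without the middleware above.
function makeRefreshHandler(refreshSession) {
  return async function refreshHandler(req, res, next) {
    try {
      await refreshSession(req, res);
      return res.status(200).json({ refreshed: true });
    } catch (err) {
      if (err && err.type === SESSION_EXPIRED) {
        // Session is gone: the user must sign in again (401 is an assumed choice).
        return res.status(401).json({ error: "sign in again" });
      }
      return next(err);
    }
  };
}

// Constructed stand-in for an Express response, used to exercise the handlers.
function fakeRes() {
  return {
    code: null, body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; },
  };
}
```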