Plus storing access token in memory would result in doing extra refresh calls every time the user reloads the page + you would have to prevent against CSRF attacks anyway to prevent the refresh endpoint from being called from a malicious site
SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).
