that would add security if the access and the next token are stored in different places. However, they are stored in the same place, so why would using both add security? I'd argue that just using the next token is enough. > And new next token can only be generated if access token expired Cool. However, why?