1) Why does one need to pass the access token along with the next token to get a new access and next token?
2) If you do not required to pass an access token in the "Refresh" API, then it becomes the same as using short lived access and long lived, one time use, refresh tokens.
3) Storing tokens in localstorage is not a good idea
SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).
