# security-discussion
Hey @User I thought of a token security concept. Will this work? It's called "next tokens", and works like this:

- User logs in
- Generates Access Token (expires after time (1hr), unlimited use)
- Generates Next Token (unlimited expiry, single use)
- Both are stored in local/async storage OR in cookies
- User uses app/site via Access Token, and Access Token then expires
- To get a new Access Token the user must send Access Token AND Next Token to a specific endpoint, e.g. `/next`
- Endpoint checks criteria:
  - Does Access Token match the issued one-time-use Next Token?
  - Has Access Token fully expired?
  - Has Next Token been used before?
- If it passes all 3 then a new Access Token and Next Token are generated
- If it fails check number 3 (Next Token used before) it will send a hacking alert

How does this all sound?
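The `/next` flow above, as an added worked example that is not part of the Discord message or any project discussed in it. It models the server side in memory: `TokenService`, `TokenPair`, `FakeClock`, the `rotated` flag and the token "family" that gets revoked on a replay are all assumptions introduced here, not names from the proposal. It goes one step beyond the text by retiring the old Access Token after rotation and by revoking the whole family when check 3 fires, so the alert also contains the leak rather than only reporting it.

```python
"""Added example: in-memory model of the "next token" rotation scheme described above.
Not code from the message; all names and the in-memory stores are assumptions."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional, Tuple

ACCESS_TTL = 3600  # access token lifetime in seconds (1 hour, as in the proposal)


@dataclass
class TokenPair:
    access: str   # bearer token for API calls, expires after ACCESS_TTL
    next: str     # single-use token that can only be spent together with `access`


class FakeClock:
    """Controllable clock so expiry can be exercised without sleeping."""
    def __init__(self, now: float = 0.0):
        self.now = now

    def __call__(self) -> float:
        return self.now


class TokenService:
    def __init__(self, clock=time.time):
        self.clock = clock
        # Only hashes are stored server-side, so a leaked store does not leak usable tokens.
        self._access = {}        # sha256(access) -> record
        self._next = {}          # sha256(next)   -> {"family": ..., "used": bool}
        self._revoked = set()    # families killed after a reuse alert
        self.alerts = []         # "hacking alert" events, one per detected replay

    @staticmethod
    def _h(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue(self, user: str, family: str) -> TokenPair:
        access, nxt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._access[self._h(access)] = {
            "user": user, "family": family, "rotated": False,
            "exp": self.clock() + ACCESS_TTL,
            "next_hash": self._h(nxt),   # binds this access token to exactly one next token
        }
        self._next[self._h(nxt)] = {"family": family, "used": False}
        return TokenPair(access, nxt)

    def login(self, user: str) -> TokenPair:
        # Each login starts a new token family; rotations keep the family id.
        return self._issue(user, family=secrets.token_hex(8))

    def authenticate(self, access: str) -> Optional[str]:
        """Resolve an access token to a user, or None if it is not currently valid."""
        rec = self._access.get(self._h(access))
        if rec is None or rec["rotated"] or rec["family"] in self._revoked:
            return None
        if self.clock() >= rec["exp"]:
            return None
        return rec["user"]

    def next(self, access: str, nxt: str) -> Tuple[str, Optional[TokenPair]]:
        """The /next endpoint: returns (status, new_pair); new_pair is None unless status == "ok"."""
        nrec = self._next.get(self._h(nxt))
        rec = self._access.get(self._h(access))
        if nrec is None or rec is None:
            return "reject", None
        # Check 3 first: a single-use token presented twice means the pair leaked and
        # client and attacker are racing for it. Raise the alert and kill the whole family.
        if nrec["used"]:
            self._revoked.add(nrec["family"])
            self.alerts.append({"family": nrec["family"], "user": rec["user"]})
            return "alert", None
        if rec["family"] in self._revoked:
            return "reject", None
        # Check 1: the next token must be the one issued alongside this access token.
        if not hmac.compare_digest(rec["next_hash"], self._h(nxt)):
            return "mismatch", None
        # Check 2: rotation is only allowed once the access token has fully expired.
        if self.clock() < rec["exp"]:
            return "not_expired", None
        nrec["used"] = True
        rec["rotated"] = True   # old access token is retired but kept so a replay is still recognised
        return "ok", self._issue(rec["user"], rec["family"])
```

Check 3 is evaluated before checks 1 and 2 so a replayed pair is caught even when it would have failed on expiry or binding anyway; the old access record is kept (flagged `rotated`) rather than deleted for the same reason. Revoking the family is what makes the alert useful: the party that rotated first, whether client or attacker, loses its fresh pair as well and has to log in again.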