SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Yes! Session refreshing seems to be working fine now! Thanks for the helpful tip about using the correct route. I am able to see that the session refresh works on navigation if the access token is removed. I'm also able to see the "Token Theft" error if the same token is used twice.

I pushed my latest changes, but I want to clean a few pieces of the code up. The only thing I need to do now is add `supertokens-website` to `root` (for JS users). But I'm also playing with the idea of just storing complex forms in `localStorage`. This is because if the user is working with a complex form and somehow ends up refreshing the page, I'd still want their data to be there. So `localStorage` would theoretically solve both the navigation problem and the refresh problem for JS users. Don't know how I feel about that yet, though.