I have an app where the JWT will have a short exp time. Let's say 1h.
I want to auto refresh it, so on the client there will be an autoRefresh() poll that will ping the backend to get a fresh token if the JWT exp is near. This takes in the ORIGINAL JWT token and returns a fresh JWT token with 1h exp. Repeat.
Note that I am not using refresh tokens at all.
In the case of a serious issue, we can lock the user account for 1h.
What are the dangers of self-refreshing JWTs? If I am forced to implement refresh tokens, why not just implement validJWTs on the DB level since we're going "stateful", which even allows me to "kill" tokens if they aren't in validJWTs?
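
The validJWTs idea from the question, sketched as an added example that is not part of the original post: a self-refresh endpoint that retires the old token's `jti` on every refresh and can kill a token before its exp. Everything except the name `validJWTs` is an assumption: the function names, the in-memory `Set` standing in for the DB table, the HS256 signing, the constructed secret, and the explicit `now` parameter (seconds) used so the flow can be checked deterministically.

```javascript
// Added example; all names except validJWTs are hypothetical.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, not a real key
const TTL = 3600;                          // 1h exp, as in the question
const validJWTs = new Set();               // stand-in for the validJWTs DB table (stores jti)

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issue an HS256 token and record its jti in the allowlist.
function issue(sub, now) {
  const jti = crypto.randomUUID();
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ sub, jti, iat: now, exp: now + TTL })}`;
  validJWTs.add(jti);
  return `${body}.${sign(body)}`;
}

// Check signature, expiry and allowlist membership; return the claims or null.
function verify(token, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  const expected = Buffer.from(sign(`${h}.${p}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(p, 'base64url').toString()); } catch { return null; }
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return validJWTs.has(claims.jti) ? claims : null;
}

// Self-refresh: the ORIGINAL token buys a fresh one, and the old jti is retired,
// so a copy of the old token stops working as soon as either holder refreshes.
function refresh(token, now) {
  const claims = verify(token, now);
  if (!claims) return null;
  validJWTs.delete(claims.jti);
  return issue(claims.sub, now);
}

// "Kill" a token before its exp by removing its jti from validJWTs.
function revoke(token, now) {
  const claims = verify(token, now);
  return claims ? validJWTs.delete(claims.jti) : false;
}
```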