Websocket refresh token

Hi there, i'm currently developing a multiplayer turn base card game with Unity. The multiplayer architecture will be using websocket (NodeJS Socket.IO) and for the security wise, i'm using JWT with refresh token after access token expired.

Everytime when i emit a request to websocket, i will emit the request along with the access token. By right when the access token has expired, i should revoke a new access token with refresh token. My concern here is the refresh token handling. Should i emit request back to client for getting the refresh token and re-emit the refresh token back to websocket to renew the access token? To renew the access token, I will validate the refresh token through Database to make sure the token is valid. I am wondering the entire process is appropriate and causing any delay(lagging) since it is real-time multiplayer game.

Anyone here able to give some advice?

 

Not too experianced with the JWT library you are speaking about, in fact. Never heard it. However, generaly you want a token that lasts for the lifetime of the session. If the token is more than an idenitifer (Ex, Uath). Then what you probably want to do is first send the token. And In exchange, you will get a random token that you can use in further communication,