my authentication strategy is pretty simple: JWT access token that only gets stored in memory, expires every 15 minutes, and is refreshed with an http only cookie.
I\
