Instead of returning two tokens after login, can I put the refresh token inside the access token?
When the access token becomes expired, user needs to pass the expired to
