I recently implemented JWT (JSON Web Token) based auth on an embedded device using nginx with embedded Lua. Following are implementation details. refresh and access token are created as JWT (signed with variable JWT_SECRET) refresh token is delivered as cookie and stored on the client. It is valid for 24hrs only for path /jwt/refresh. access …