In asp.net boilerplate, I'm wondering, why there is an encryptedAccessToken in the api/TokenAuth/Authenticate method? there is no documentation on this.
Also, the JWT is 1 day valid so: -is it secure to have this long time JWT? -what happen after JWT expiry? the client will have to re-login? there is no refresh token.
