I'm new to iOS and RESTful API development. I've developed a local API in Node.js that handles basic requests to and from a local MongoDB instance, and am working on user authentication via Sign in with Apple based on this tutorial from Better Programming.
It's my understanding that JSON Web Tokens are one of several ways the server can verify the client, in which case user-specific information is sent back in a response. My question is this: because JWTs have a short lifespan, what is sent by an iOS device to query the database for user-specific info? Do I need to have a verification method that checks to see if the JWT is expired, and if it is, issue a new one? Or is there another token that I should be using in its place that lasts longer?
The answer to a similar Auth0 question implies that I should be creating a token server-side, and then providing it to the user. If this is the case, would this then be sent back and forth between the client and the server?