I have an application that uses Keycloak SSO for authenticaton. I have a confidential client registered on Keycloak. At the moment, for each HTTPS request from my front end to back end, I send the user's access token as a bearer token. In my NestJS guard, I use the public key of the realm to check the validity of the access token. I need to implement a mechanism for refreshing expired tokens. What is the best practice for this? Should I do it on the front end application or back end? And how would I do this on back end using NestJS?
