I made a simple test application which uses a hybrid flow to authenticate . I store the refresh token as a claim and so i'm able to refresh tokens.
But what ist the recommended best practice when to do that?
on which event should I validate the expiration? Or should I wait for an unauthorized event ? Is there any example for this?
I know I could check the expire of the token before a request ist made or I may wait for an unauthorized, but is there any recommended best pracitice way when or in what kind of event to do that?