3
votes

What is the recommended way for refreshing JWT tokens used for Google Cloud Endpoints?

As background, from what I understand, Google Cloud Endpoints uses JWTs for authenticating users by reading from the "Authorization" header, looking for "Bearer $JWT". This method works really well for allowing users to access your APIs because it provides authenticated access to your API without having to necessarily do a lookup on that user, since the signature of the JWT can be used to validate the expiration and creds contained within the JWT. However, it is not uncommon for JWTs to expire within 1 hour, and of course users are not going to want to log in every hour... which leads me to my question above.

1 Answer

0
votes

The new JWT token has to come from your browser. Cloud Endpoints is expecting an Implicit Grant to be used. So no refresh token.

See this answer for browser-based options.
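
Since the answer above leaves renewal to the browser, the sketch below (an added example, not part of the original answer and not Google's code) tracks the JWT's `exp` claim client-side and asks for a new token shortly before it lapses. `acquireToken` is a hypothetical caller-supplied function standing in for whatever browser-based sign-in flow issues the JWT; `sampleToken` builds a constructed, unsigned test token.

```javascript
// Added example. The payload is decoded WITHOUT verifying the signature: that is
// acceptable only for scheduling renewal. The API remains the party that validates the JWT.
function jwtExpiry(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  const claims = JSON.parse(atob(b64));
  if (typeof claims.exp !== 'number' || !Number.isFinite(claims.exp)) {
    throw new Error('no numeric exp claim');
  }
  return claims.exp; // seconds since the Unix epoch
}

// Renew `skewSec` early so a request in flight never carries an expired token.
function needsRenewal(token, nowSec, skewSec = 300) {
  try {
    return jwtExpiry(token) - skewSec <= nowSec;
  } catch {
    return true; // unparsable token: treat as expired
  }
}

class BearerTokenSource {
  // acquireToken: hypothetical async function returning a fresh JWT string.
  constructor(acquireToken, skewSec = 300) {
    this.acquireToken = acquireToken;
    this.skewSec = skewSec;
    this.token = null;   // kept in memory only
    this.pending = null; // in-flight renewal, shared by concurrent callers
  }
  async authHeader(nowSec = Math.floor(Date.now() / 1000)) {
    if (!this.token || needsRenewal(this.token, nowSec, this.skewSec)) {
      this.pending = this.pending ||
        this.acquireToken().finally(() => { this.pending = null; });
      this.token = await this.pending;
    }
    return { Authorization: `Bearer ${this.token}` };
  }
}

// Constructed sample token (dummy header and signature), for testing only.
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ sub: 'user-1', exp })}.sig`;
}
```

Each API call would then use `await source.authHeader()` for its request headers, so renewal happens at most once per expiry window even when several requests start together.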