Gal Malachi wow! what a great lesson... thanks!

Great post! Until now I used to save the access token in the local storage with expiration of 30 minutes or similar short term. On every full reload of the app or 5 min before access token's expiration - refresh using the refresh token. Is this in fact a bad practice? should I persist the access token in the session storage instead?