Testing Jwt Authentication without ASP.NET Core Identity 2.0

obtaining new tokens using the refresh_token should happen only if the id_token has expired. it is a bad practice to call the endpoint to get a new token every time you do an API call.