Access Token

* JWT
* Contains all of the info someone needs to be logged
* Says this user has Access
* Only available in current session

Refresh Token
* JWT
* Only contains session id
* If valid, then it is used to generate new access Token
* Used to refresh the access token