When a request is made and the token is validated with a certain secret, this secret is reused when signing with res.sign(), I would prefer that it request a new secret i.e. call the secret function again.

Do you mean jwt.resign()?

sign(payload), in this case I have a new payload