The token is currently not refreshed.
If the client detects the token expired we remove it and ask the user to log in again.
Implement a new endpoint that receives the old token and verifies that the token was issued by our privateKey, then verifies that the user still exists and issues a new cannon token