Create a Refresh Token Feature in your Strapi Application

This is because we don’t want JWTs that have a long expiry date.

So the principle is:

Have a valid JWT during the session which you are in. You should never store a JWT in localStorage, for example. The JWT should have a short validity date because of the risk that someone could hijack your JWT and use it.

The refresh token is used for getting a new token every 360s 🙂
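
The principle above as a runnable sketch, added here as an example and not taken from the original post or from Strapi's code: a JWT that expires after 360 seconds, plus a refresh token that is exchanged for a new pair. Assumptions: it uses only Node's built-in `crypto` module, all function names and the in-memory store are hypothetical, and making the refresh token opaque, single-use and stored only as a hash is a design choice of this example.

```javascript
const crypto = require('node:crypto');

const ACCESS_TTL_S = 360;                  // access-JWT lifetime, the 360s from the post
const SECRET = crypto.randomBytes(32);     // constructed signing key for the demo
const refreshStore = new Map();            // sha256(refresh token) -> user id (hypothetical store)

const b64u = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();
const hash = (t) => crypto.createHash('sha256').update(t).digest('hex');

// Sign an HS256 JWT that expires ACCESS_TTL_S seconds after `now` (unix seconds).
function signAccess(userId, now) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: userId, iat: now, exp: now + ACCESS_TTL_S }));
  return `${head}.${body}.${b64u(hmac(`${head}.${body}`))}`;
}

// Return the claims, or null if the signature is wrong or the token has expired.
function verifyAccess(token, now) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return null;
  const given = Buffer.from(sig, 'base64url');
  const expected = hmac(`${head}.${body}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return now < claims.exp ? claims : null;
}

// Login: hand out a short-lived JWT plus an opaque refresh token.
function issueSession(userId, now) {
  const refreshToken = crypto.randomBytes(32).toString('base64url');
  refreshStore.set(hash(refreshToken), userId);   // keep only the hash server-side
  return { jwt: signAccess(userId, now), refreshToken };
}

// Refresh: consume the presented token, then issue a new pair (rotation).
function refresh(refreshToken, now) {
  const key = hash(String(refreshToken));
  const userId = refreshStore.get(key);
  if (userId === undefined) return null;          // unknown or already used
  refreshStore.delete(key);
  return issueSession(userId, now);
}
```

Because every refresh token works once, a second use of the same token is rejected, which is the point where a server can notice that a token was copied.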