JWTs usually have an expiration time (e.g., 15 minutes, 1 hour) to limit their validity. When a token expires, the client needs to obtain a new one. This is often done using a refresh token, which is a separate, longer-lived token that the client can exchange for a new JWT. This is a standard procedure that pretty much every API uses. So, why is no such feature implemented in Strapi?
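The exchange described in the question above, as an added Node.js example that is not part of the original post and is not Strapi code. All names, the 30-day refresh lifetime, and the in-memory store are assumptions for illustration; it also goes one step further than the post by making each refresh token single-use.

```javascript
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32);   // demo signing key, generated per run
const ACCESS_TTL = 15 * 60;              // seconds: the 15-minute example from the post
const REFRESH_TTL = 30 * 24 * 3600;      // seconds: assumed longer lifetime
const refreshStore = new Map();          // sha256(refresh token) -> { userId, exp }

const b64 = (v) => Buffer.from(v).toString("base64url");
const sign = (data) => crypto.createHmac("sha256", SECRET).update(data).digest("base64url");
const sha256 = (v) => crypto.createHash("sha256").update(v).digest("hex");

function issueAccessToken(userId, now) {
  const head = b64(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64(JSON.stringify({ sub: userId, iat: now, exp: now + ACCESS_TTL }));
  return `${head}.${body}.${sign(`${head}.${body}`)}`;
}

// Always verifies with HMAC-SHA256; the token's own "alg" header is never trusted.
function verifyAccessToken(token, now) {
  const [head, body, sig] = token.split(".");
  if (!head || !body || !sig) return null;
  const expected = Buffer.from(sign(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  return claims.exp > now ? claims : null;   // expired tokens are rejected
}

// Refresh tokens are opaque random values; only their hash is kept server-side.
function issueRefreshToken(userId, now) {
  const token = crypto.randomBytes(32).toString("base64url");
  refreshStore.set(sha256(token), { userId, exp: now + REFRESH_TTL });
  return token;
}

// Exchange: consume the refresh token (single use) and return a fresh pair.
function refresh(token, now) {
  const key = sha256(token);
  const rec = refreshStore.get(key);
  refreshStore.delete(key);                  // a replayed token finds nothing
  if (!rec || rec.exp <= now) return null;
  return {
    jwt: issueAccessToken(rec.userId, now),
    refreshToken: issueRefreshToken(rec.userId, now),
  };
}
```

Because only the hash of each refresh token is stored, a leaked copy of the store does not yield usable tokens, and deleting an entry revokes that session without touching the JWT signing key.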
Had conversations with Derrick about this in the past; it mostly has to do with the users-permissions plugin. They hope for v5, or maybe even before that, to write a new users-permissions plugin with more features like refresh tokens.