Refresh Token - into Cookie (hhtpOnly, SameSite=strict & secure=true (HTTPS)) Access Token - into Mem (local variable)