create refresh and access token together

[ali-mahdavi-mehr]

now it can create an access token and refresh token together with a specific id that "aid" so in deny list we can block both of them, by blocking that is the same in both

[ali-mahdavi-mehr]

Before this, we must use postman or ... to test(to send the access or refresh token) but now there is a token field for each endpoint