Too Long; Didn't Read
Jwenky is an API server built on the Express framework. It can run as one standalone server, functioning as both an Authentication server and an Access server. The JWT is signed by the Auth server with the private RSA key. The client submits both the JWT and the cookie with each request it sends to the Access servers. The system uses a refresh token, in a cookie, to refresh the JWT, which is valid for 20 hours. The whole system does not need any additional XSRF protection; it is XSRF-proof by design. Both the server and the client are available in the GitHub repo.
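The signing split described above, as an added example that is not taken from the Jwenky repo: the auth server signs with the private RSA key, and an access server verifies with only the public key. It uses Node's built-in `crypto` module; the function names `signJwt`, `verifyJwt` and `withPayload`, the claim names and the lifetime passed in are assumptions made for illustration.

```javascript
// Added example (not Jwenky's code): RS256 JWT signed by the auth server,
// verified by an access server that holds only the public key.
const crypto = require('node:crypto');

// Constructed key pair for the demo; a real auth server loads its key from secure storage.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (input) => Buffer.from(input).toString('base64url');

// Auth server side: sign "header.payload" with the private RSA key.
function signJwt(claims, key, ttlSeconds) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const signature = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), key);
  return `${header}.${payload}.${signature.toString('base64url')}`;
}

// Access server side: verify with the public key only; returns the claims or null.
function verifyJwt(token, key) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    // Pin the algorithm: the token's own header must not choose how it is verified.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'RS256') return null;
    const ok = crypto.verify('sha256', Buffer.from(`${header}.${payload}`), key,
      Buffer.from(signature, 'base64url'));
    if (!ok) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(Date.now() / 1000)) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Test helper: swap the payload of a token while keeping its original signature.
function withPayload(token, claims) {
  const [header, , signature] = token.split('.');
  return `${header}.${b64url(JSON.stringify(claims))}.${signature}`;
}
```

Because verification needs only the public key, an access server that is compromised cannot mint tokens; only the auth server's private key can.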