docs: about refreshing tokens

ziluvatar · ziluvatar · commit 016fc10b847b · 2017-07-14T13:21:57.000+02:00
diff --git a/README.md b/README.md
@@ -283,6 +283,13 @@ ES384 | ECDSA using P-384 curve and SHA-384 hash algorithm
 ES512 | ECDSA using P-521 curve and SHA-512 hash algorithm
 none | No digital signature or MAC value included
 
+## Refreshing JWTs
+
+First of all, we recommend to think carefully if auto-refreshing a JWT will not introduce any vulnerability in your system.
+
+We are not comfortable including this as part of the library, however, you can take a look to [this example](https://gist.github.com/ziluvatar/a3feb505c4c0ec37059054537b38fc48) to show how this could be accomplish.
+Apart from that example there are [an issue](https://github.com/auth0/node-jsonwebtoken/issues/122) and [a pull request](https://github.com/auth0/node-jsonwebtoken/pull/172) to get more knowledge about this topic.
+
 # TODO
 
 * X.509 certificate chain is not checked
