Token Based Auth Documentation

Hello, can someone please provide documentation or explanation on how token based auth works? For context I am just a simplejwt extension in Django for my backend. Couple questions:

  • How does the /refresh endpoint work? Will it automatically get called and access token refreshed if the API returns 400?
  • If not, do we need to set up a global workflow for this? examples?
  • will the access token always be included in the header?