I have an application that uses JWT for user authentication. When a user login in the app, the backend returns an access token and refresh token, my question is:
both tokens must be stored in the same storage/place?
Yes. You will have to store it in the same storage. I'd suggest using something like Secure Store or Async Storage to store your JWT tokens. And when your application is launched, retrieve the access token from Secure Store and store it in memory. Redux preferably, so you don't have to constantly retrieve it from Secure Store each time you make an API call. But, avoid storing the Refresh Token in Redux because you will not use it as often as your access token.