When using bearer tokens, you'll need to include the auth and refresh jwt's (along with your csrf secret) in each request.

The whole point of the auth token is so that we don't need to send the refresh token each time?