What type of application is it? An SPA (Single Page Application, such as Angular, Vue, React) or a Regular Web App with a backend?
Please see my direct reply here (in case it is an SPA):
which is about a similar question.
In a SPA, you don’t use a refresh token. Also for the access token, you should only hold it in memory, not store it in local storage. That applies to SPAs. See:
I wonder why many JWT posts recommend the refresh / access token policy.
It’s for regular web applications with backends, not SPAs.
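The advice earlier in the thread to hold an SPA's access token only in memory, sketched as an added example that is not part of any post here. The function name `createTokenStore`, the API origin, and the token value are hypothetical.

```javascript
// Added example: in-memory access-token holder for an SPA (names are hypothetical).
// The token lives only in closure variables, so it is never written to
// localStorage/sessionStorage and is gone after a page reload.
function createTokenStore(apiOrigin, now = () => Date.now()) {
  let token = null;   // raw access token string
  let expiresAt = 0;  // expiry as epoch milliseconds

  function set(accessToken, expiresInSeconds) {
    if (typeof accessToken !== "string" || accessToken.length === 0) {
      throw new TypeError("access token must be a non-empty string");
    }
    token = accessToken;
    expiresAt = now() + expiresInSeconds * 1000;
  }

  // Call on logout so the token does not outlive the session.
  function clear() {
    token = null;
    expiresAt = 0;
  }

  // Returns the token, or null if none is held or it has expired.
  function get() {
    if (token !== null && now() >= expiresAt) clear();
    return token;
  }

  // Builds request headers; the token is attached only for the API origin,
  // so it is not sent along with requests to other hosts.
  function authHeaders(url) {
    const t = get();
    if (t === null || new URL(url).origin !== apiOrigin) return {};
    return { Authorization: `Bearer ${t}` };
  }

  // Only functions are exposed; the token is not a property of the object.
  return Object.freeze({ set, get, clear, authHeaders });
}
```
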