Saturday, January 31, 2015

How to handle authentication to web service from mobile?


I'm making a mobile application, and I use JSON Web Token Authentication (JWT Auth), but I have three questions about it:



  1. Should I use refresh-tokens or non-expiring access tokens?

  2. In case I use refresh-tokens, when the token expires, should I sign out the user (and force the user to log in again) or create a new one and send it back to the app so it can be used for future requests?

  3. How should I save the token on the mobile (database, preferences, etc.)?


Any help and resources about this (books, documents, blogs, etc.) would be appreciated, thanks in advance!




