
What is the difference between JWT auth token, JWT refresh token, JWT woosession? And about permission

Open IRediTOTO opened this issue 4 years ago • 0 comments

Hi, I tried to use the JWT auth token and the JWT refresh token; they both worked for query or mutation.

  1. JWT refresh token has a lifetime live, right? I saw the JWT auth token expire pretty fast; can I edit its time?
  2. What is the meaning of woosession? Do I need to care about it?
  3. Admin JWT can query everything, right?
  4. I add the admin JWT refresh to the header of the Apollo client function; is that safe to use? I need the API to be able to query everything, including private data like users+ data.
  5. Should we turn on the Restrict Endpoint to Authenticated Users feature to be more secure? I tried, and if a user needs to log in I must call the server, then use the admin JWT refresh token for the mutation => get the user token => return it to the client => the client can query their info in the browser. Are these the right steps? :\

Thank you for any answer.

IRediTOTO, May 28 '21 09:05