[keycloak-user] How to know when to get a refreshed bearer token

Hi, My jee web application uses its bearer token when issuing AJAX requests to other REST services within the realm (but at different origins). It does it by reading the exposed bearer token prior to making an AJAX request. Is there a mechanism by which the application may find out when the bearer token is refreshed, to make it possible to read the bearer token only when needed ? Br / Hubert.