decoded = JWT.decode(access_token, verify_signature=false)  // decode without verification
now     = current_unix_timestamp()

if decoded.exp > now + 30:   // 30-second buffer
    // Token is still valid — use it directly
    proceed_to_step_2()
else:
    // Token expired or about to expire — refresh it (Sub-Scenario 2b)
    refresh_access_token()