Showing posts with label jwt. Show all posts

Showing posts with label jwt. Show all posts

Home » Posts filed under jwt

Access token vs refresh token

June 26, 2021 Ravi Yasas

Access token vs refresh token

Access token

This is short-lived
Send API request, with the access token
If the access token is invalid, fail and ask the user to re-authenticate
There are few types of access tokens

Bearer tokens
JWT tokens
Opaque token

Refresh token

These tokens are long-lived
Refresh tokens are used to retrieve access tokens
If the access token is invalid, try to update it using the refresh token
If the refresh request passes, update the access token and re-send the initial API request
If the refresh request fails, ask the user to re-authenticate

access token / bearer / beginners / jwt / learning / oauth2 / opaque / refresh / refresh token / security / tokens / tutorial

Subscribe to: Posts ( Atom )