Lance Pidor

Reputation: 99

Need help in understanding refresh tokens, where and how to store them as well as what to store in them

Like the title says, I'm having trouble understanding refresh tokens. How should I make them? The same way as an access token, with the package 'jsonwebtoken'? Or a different package? If the same package, what do I store in them? The same thing I store in my access token? And should I store my refresh token in the same place where I store my access token? How does a refresh token make JWT more secure?

I can't find clear answers on the internet, since most online tutorials focus more on access tokens or on how secure JWT is, without properly explaining refresh tokens. I'm using Express, by the way.

Upvotes: 3

Views: 394

Answers (1)

Brahim Bessrour

Reputation: 117

Yes, refresh tokens work the same as access tokens; they use the same technologies.
A refresh token is a special kind of token used to obtain a renewed access token. The refresh token never expires.

- A refresh token is a way to communicate with the Authorization server
- An access token is a way to communicate with the Resource server

Check this graph; it may help you understand the flow: [image]

Upvotes: 3
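
A minimal sketch of issuing and rotating a refresh token alongside an access token, added here as an example and not part of the question or answer above. It hand-rolls HS256 with Node's built-in crypto in place of jsonwebtoken so it runs without dependencies; the secrets, the 15-minute and 7-day lifetimes, the in-memory store and the function names are assumptions of this example.

```javascript
const { createHmac, randomUUID, timingSafeEqual } = require("crypto");

// Constructed placeholder secrets; separate keys so a refresh token never verifies as an access token.
const ACCESS_SECRET = "demo-access-secret";
const REFRESH_SECRET = "demo-refresh-secret";
const b64 = (v) => Buffer.from(v).toString("base64url");
const nowSec = () => Math.floor(Date.now() / 1000);

// Minimal HS256 JWT sign/verify, standing in for jsonwebtoken's sign() and verify().
function sign(payload, secret, ttlSec, now = nowSec()) {
  const body = b64(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." +
    b64(JSON.stringify({ ...payload, exp: now + ttlSec }));
  return body + "." + createHmac("sha256", secret).update(body).digest("base64url");
}

function verify(token, secret, now = nowSec()) {
  const [h, p, sig] = String(token).split(".");
  if (!h || !p || !sig) return null;
  // The MAC is always recomputed as HS256; the header's alg field is never trusted.
  const expected = createHmac("sha256", secret).update(h + "." + p).digest();
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  return claims.exp > now ? claims : null;
}

// Server-side record of usable refresh tokens (jti -> user id); a database in a real service.
const liveRefresh = new Map();

function issueTokens(userId, now = nowSec()) {
  const jti = randomUUID();
  liveRefresh.set(jti, userId);
  return {
    accessToken: sign({ sub: userId }, ACCESS_SECRET, 15 * 60, now), // short-lived, sent to the API
    // Holds only a user id and token id; goes only to the refresh route (e.g. an httpOnly cookie).
    refreshToken: sign({ sub: userId, jti }, REFRESH_SECRET, 7 * 24 * 3600, now),
  };
}

// Rotation: each refresh token works once; a replayed or revoked one returns null.
function refresh(refreshToken, now = nowSec()) {
  const claims = verify(refreshToken, REFRESH_SECRET, now);
  if (!claims || !liveRefresh.delete(claims.jti)) return null;
  return issueTokens(claims.sub, now);
}

// Logout everywhere: drop every live refresh token for the user.
function revokeAll(userId) {
  for (const [jti, uid] of liveRefresh) if (uid === userId) liveRefresh.delete(jti);
}
```

Because the server keeps the list of live token ids, a stolen refresh token can be cut off by deleting its entry, which a purely stateless token does not allow.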
