Refresh Token and Access Token
Why do we need an Access token?
Access and refresh tokens were introduced to reduce the number of times users need to log in using their credentials.
Access Tokens allow users to access services without repeatedly entering their credentials. They are short-lived, typically expiring within minutes or hours. This limited lifespan enhances security, as even if an access token is compromised, it cannot be used indefinitely.
Refresh Tokens serve a similar purpose but with a key difference. They are long-lived and can last for days, weeks, or even longer. Refresh tokens are used to obtain new access tokens when the current ones expire, allowing users to maintain their session without frequent logins.
Access Token | Refresh Token |
Short-lived | Long-lived |
Stored on the client side | Stored on the server |
Used to log in the user | Used to regenerate the access token |
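The lifecycle described above, as an added example that is not code from the original article: a short-lived signed access token is checked on every request, and a long-lived refresh token, tracked on the server, is exchanged for a new access token once the old one expires. The function names, the 15-minute and 7-day lifetimes, and the HMAC token format are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)   # signing key, generated for this demo
ACCESS_TTL = 15 * 60               # assumed access lifetime: 15 minutes
REFRESH_TTL = 7 * 24 * 3600        # assumed refresh lifetime: 7 days
refresh_store = {}                 # server side: sha256(refresh token) -> (user, expiry)

def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()

def _key(refresh: str) -> str:
    # The server keeps only a hash, so a leaked store does not leak usable tokens.
    return hashlib.sha256(refresh.encode()).hexdigest()

def issue_access(user: str, now: int) -> str:
    claims = json.dumps({"sub": user, "exp": now + ACCESS_TTL}).encode()
    body = base64.urlsafe_b64encode(claims)
    return body.decode() + "." + _sign(body).decode()

def verify_access(token: str, now: int):
    """Return the user name, or None if the token is forged or expired."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body.encode())):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["sub"] if now < claims["exp"] else None

def login(user: str, now: int):
    """Called once, after the credential check has succeeded."""
    refresh = secrets.token_urlsafe(32)
    refresh_store[_key(refresh)] = (user, now + REFRESH_TTL)
    return issue_access(user, now), refresh

def refresh_access(refresh: str, now: int):
    """Exchange a refresh token for a new access token; None if unknown or expired."""
    entry = refresh_store.get(_key(refresh))
    if entry is None or now >= entry[1]:
        refresh_store.pop(_key(refresh), None)
        return None
    return issue_access(entry[0], now)

def revoke(refresh: str) -> None:
    """Server-side state lets a session be ended before the refresh token expires."""
    refresh_store.pop(_key(refresh), None)
```

The current time is passed in as `now` so that expiry can be exercised without waiting; a real service would read the clock itself.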