Difference between Access Token and Refresh Token
Mohnish Kalaimani1 min read
| Access Token | Refresh Token |
| Access Token is a token used to authenticate and grant access to resources for the the user. | Refresh token are used to obtain a new Access Token. |
| Access Token has a short lifespan. | Refresh Token has a longer lifespan than an Access Token. |
| Access Token is used to authenticate the user’s API requests. | Refresh token is used when the current Access Token expires. |
| When a user logs in the system,their data along with both the Tokens get saved in the database. The system uses the Access Token to check if the user is logged in. | Due to the short lifespan of the Access Token, it can be difficult for the system to continuously validate the user. Therefore, Refresh Tokens are used to get a new Access Token. |
| Refresh Token works like a replacement security guard. For example, if the guard has a day shift, they would be replaced at night by another guard. | Refresh Token works like a replacement security guard. For example, if the guard has a day shift, they would be replaced at night by another guard. |
Reference:
0
Subscribe to my newsletter
Read articles from Mohnish Kalaimani directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by