Simple Explanation of Access Tokens, Refresh Tokens, and JWTs

SOURAV MOHANTYSOURAV MOHANTY
2 min read

Table of contents

What is Token?

Before discussing the concept of access tokens, refresh tokens, and JWT, let's first understand tokens. Consider an airport as an example. Those who have a pass, are employees of the airport, or have a visitor pass are allowed inside the airport, while others are not. In the case of tokens, they are like passes; those who have the pass are allowed to use any features.

We allow our family members inside our house, not others. - Hitesh Choudhary

What is JWT?

JWT stands for JSON (JavaScript Object Notation) Web Token. In general, it’s a way to generate tokens (passes) based on a payload (a fancy name for data β†’ it could be anything 😁). Here, JWT uses its built-in algorithms to generate tokens by taking the payload (data) and a unique key (e.g., any random string like a password).

What is Access Token?

Access Token is a type of token (pass) used to give a user access to some features. It is usually sent through secure cookies to the browser, and only the server can perform CRUD operations on it. It is usually short-lived, meaning these tokens expire in a short period of time.

What is Refresh Token?

Refresh Token is a kind of token (pass) that is used to update the access token when it expires, and the refresh tokens are long-lived compared to the access tokens.

What is difference between them?

So to understand this, let's take an example. Consider any online game, and suppose you are under 18. According to Indian government rules, you cannot play the game for more than 6 hours a day. If you want to play for more than 6 hours, you need to verify this with your parent. In this situation, the access you have for 6 hours is your access token, and the access you need after 6 hours is your refresh token, which is permission from your parent.

Conclusion

In general, the JWT is a medium to generate a token by taking the payload (data) and a secret key (password). The access token is a way to give access to a user, maybe to a feature or something else, and the refresh token is a medium for updating the access token and also to avoid unwanted logouts and logins.

Reference:

https://youtu.be/7DVpag3cO0g?si=vkXXJ6_TlzKDk6gw

You can refer to this video to have more depth about this concept .

1
Subscribe to my newsletter

Read articles from SOURAV MOHANTY directly inside your inbox. Subscribe to the newsletter, and don't miss out.

JWTtokens jwt access-tokenrefresh-token

Written by

SOURAV MOHANTY
SOURAV MOHANTY

Experience teaches the best way I wish I was taught