Let’s assume, You are a 1st year college student and for this year you want to issue a library card to get a initial entry of your college library.

But after that when you get that library card you can easily show that to the librarian and the librarian verify that and he gives a library pass , which require to access the college library for the particular day.

And if you want to use the library again for the next day you don’t need to generate a new library card you just simply go to the library and show your existing library card to issue a new library pass to access the library again for that particular day.

But When You get Promote to Your 2nd year then you have to issue a new library card for your 2nd year , and the process going on.

Explanation :

Here Your library card is like Refresh Token which expiry time is long (usually 1d - 30d), and your library pass is like Access Token which expiry time is short (usually 15min - 1hour).

For Authentication Purpose in Website or App We generally use this token.

When a User “Logged In” by putting its correct credentials , server send a Access Token as well as a Refresh Token. But after some time span the access token is expire but still user want to use the app or website , in this case the refresh token comes into the ground , it generate the new access token for this user that’s why user don’t need to verify with its credential again.

const accessToken = generateAccessToken(user); // Short-lived token
const refreshToken = generateRefreshToken(user); // Long-lived token

This tokens really help to secure the website or app and also provide smooth user experience ………

A special thanks to Hitesh Choudhary