Difference between Access-Token and Refresh-Token

satya sootar

Once the user authenticates, the server returns two JSON Web Tokens: an access token and a refresh token.

Access Token

An Access Token is a type of JSON Web Token (JWT) issued by the server after successful user authentication. It acts as a key for accessing protected resources or APIs without requiring repeated authentication.

  • Purpose: To grant users access to designated routes or resources.

  • Lifetime: Access tokens are short-lived, usually lasting from a few minutes to a day, which limits how long a leaked token remains usable.

Refresh Token

A Refresh Token is a credential also issued during authentication, used to obtain a new Access Token when the current one expires. It ensures seamless user sessions without requiring the user to re-authenticate frequently.

  • Purpose: To securely generate a new Access Token through a server endpoint when the old token expires.

  • Use Case: The client application sends the Refresh Token to the server, which verifies it and issues a new Access Token. This process reduces the need for repeated logins.
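The refresh flow described above, as an added example that is not part of the original post. It is a minimal HS256 JWT issuer and verifier using only the Python standard library. The signing key, the lifetimes (15 minutes and 7 days), the `token_use` claim and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"demo-signing-key"   # constructed value; load from a secret store in practice
ACCESS_TTL = 15 * 60           # assumed access-token lifetime: 15 minutes
REFRESH_TTL = 7 * 24 * 3600    # assumed refresh-token lifetime: 7 days

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user: str, token_use: str, ttl: int, now: float) -> str:
    """Build an HS256 JWT carrying the subject, the token's role and its expiry."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "token_use": token_use, "exp": int(now) + ttl}).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify(token: str, expected_use: str, now: float) -> dict:
    """Return the claims only if signature, role and expiry all check out."""
    try:
        header, body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    if not hmac.compare_digest(sig.encode(), _sign(f"{header}.{body}").encode()):
        raise ValueError("bad signature")          # checked before the body is parsed
    claims = json.loads(_unb64(body))
    if claims.get("token_use") != expected_use:
        raise ValueError("wrong token type")       # an access token cannot be used to refresh
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def login(user: str, now: float = None) -> dict:
    now = time.time() if now is None else now      # credential check omitted here
    return {"access": issue(user, "access", ACCESS_TTL, now),
            "refresh": issue(user, "refresh", REFRESH_TTL, now)}

def refresh(refresh_token: str, now: float = None) -> str:
    """Refresh endpoint: verify the refresh token, then mint a new access token."""
    now = time.time() if now is None else now
    claims = verify(refresh_token, "refresh", now)
    return issue(claims["sub"], "access", ACCESS_TTL, now)
```

The role check in `verify` is what keeps the two tokens from being interchangeable: a short-lived access token presented to `refresh` is rejected even though its signature is valid.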
