Refresh and Access Token In Backend

Muhammad Sarmad

In this article, we will discuss how refresh and access tokens really work and clear up the false assumptions we may hold about them.

JSON Web Tokens (JWT)

JWT tokens are used for authentication. These tokens have three parts: Header, Payload, and Signature. There are two types of JWT tokens:

  1. Access Token

  2. Refresh Token

Why do we need refresh and access tokens?

The backend generates these tokens when users register on a platform. Once a user provides their data, the server creates an access token and a refresh token to identify the user in the database for login and logout purposes.

Access Token:

Access tokens are also known as short-lived tokens because they are given to users for a limited time. The backend engineer sets the specific duration, which determines when the access token will expire. If a user's access token expires for security reasons, the user needs to sign in again. However, most of the time, we don't need to ask the user for any details. Instead, we take the refresh token given to the user and verify it against the refresh token saved in our database. If both match, we provide the user with a new access token.

Refresh Token:

Refresh tokens are also JSON Web Tokens (JWT). These tokens last longer than access tokens. They are stored in the database so that future access tokens can be generated. When a user wants to sign in, if their refresh token matches the one saved in our database, we simply provide them with a new access token, allowing the user to log in successfully.

The process of generating a new access token:

To generate a new access token, developers first need to check whether the refresh token provided by the user is valid. If the refresh token is invalid, the backend returns an error. If it is valid, the backend generates a new access token using JWT and provides it to the user, allowing them to log in again.
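The refresh flow described above, as an added example that is not code from the original article: it signs and verifies HS256 JWTs with Node's built-in crypto module, then issues a new access token only when the presented refresh token is valid and matches the stored one. The secrets, the `sub` claim holding the user id, the token lifetimes and the in-memory `userStore` are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
// Constructed demo secrets (assumption); a real service loads them from configuration.
const ACCESS_SECRET = 'demo-access-secret';
const REFRESH_SECRET = 'demo-refresh-secret';
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');
const nowSec = () => Math.floor(Date.now() / 1000);

// Build header.payload.signature (HS256) with iat and exp claims.
function signToken(claims, secret, ttlSeconds, now = nowSec()) {
  const header = b64url({ alg: 'HS256', typ: 'JWT' });
  const payload = b64url({ ...claims, iat: now, exp: now + ttlSeconds });
  return `${header}.${payload}.${hmac(`${header}.${payload}`, secret)}`;
}

// Return the payload if the signature checks out and exp is in the future, else null.
function verifyToken(token, secret, now = nowSec()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const expected = Buffer.from(hmac(`${parts[0]}.${parts[1]}`, secret));
  const given = Buffer.from(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    return typeof payload.exp === 'number' && payload.exp > now ? payload : null;
  } catch { return null; }
}

// userStore: Map of userId -> { refreshToken }, a stand-in for the database.
function refreshAccessToken(presented, userStore, now) {
  const payload = verifyToken(presented, REFRESH_SECRET, now);
  if (!payload) return { status: 401, error: 'invalid or expired refresh token' };
  const user = userStore.get(payload.sub);
  // Validly signed but not the stored token: it was revoked or replaced.
  if (!user || user.refreshToken !== presented) return { status: 401, error: 'refresh token not recognised' };
  return { status: 200, accessToken: signToken({ sub: payload.sub }, ACCESS_SECRET, 15 * 60, now) };
}

// Constructed sample run: sign-in stores the refresh token, logout clears it.
function demo() {
  const store = new Map();
  const refresh = signToken({ sub: 'user-1' }, REFRESH_SECRET, 7 * 24 * 3600);
  store.set('user-1', { refreshToken: refresh });
  const beforeLogout = refreshAccessToken(refresh, store).status;
  store.get('user-1').refreshToken = null;
  return [beforeLogout, refreshAccessToken(refresh, store).status];
}
console.log(demo());
```

Because the access and refresh tokens are signed with different secrets here, an access token presented at the refresh step fails verification and cannot be used to mint further tokens.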

If you want to learn more about access and refresh tokens, see:

Refresh and Access token By Chai aur Code
