Difference between Access Token and Refresh Token


Access Token
An access token is a short-lived credential that a client presents to an API or resource server to prove it is allowed to act for a user. It is valid only for a fixed, usually short, period (minutes rather than days); once that period passes, the server rejects it.
Refresh Token
A refresh token is a longer-lived credential that the client sends back to the authentication server, not to the API, to obtain a new access token once the current one has expired or been invalidated. It lets the session continue without the user having to enter their credentials again.
Example:
Consider the flow when a user logs into their account:
User Login:
- A user enters their credentials (username and password) on a login page.
Authentication:
- The server verifies the credentials. If they are correct, the server generates an access token and a refresh token.
Access Token:
- The access token is sent back to the user's device. It is used to access protected resources or APIs for a limited time (e.g., 15 minutes).
Refresh Token:
- The refresh token is also sent to the user's device. It is used to request a new access token when the current one expires, without requiring the user to log in again.
Accessing Resources:
- The user's device includes the access token in each request to a protected resource, normally in the Authorization header (Authorization: Bearer <token>). The API checks the token's signature and expiry; it does not need the user's password.
Token Expiry:
- Once the access token expires, the user's device uses the refresh token to request a new access token from the server.
Token Renewal:
- The server verifies the refresh token and, if it is valid, unexpired and not revoked, issues a new access token (and, with refresh token rotation, a new refresh token that replaces the old one).
This process lets the user keep accessing resources without repeatedly logging in, while limiting the damage from a leaked token: a stolen access token is only useful until it expires, and the refresh token is sent rarely, can be stored more carefully, and can be revoked server-side if it is misused.
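The flow above, as an added example written for this page (it is not code from the original article). It assumes a few things the article leaves open: the access token is a self-contained HMAC-SHA256-signed token in the JWT shape (header.payload.signature) with the article's 15-minute lifetime; the refresh token is an opaque random string kept server-side as a hash with an assumed 30-day lifetime; and refreshing rotates the token and revokes the whole session if an already-rotated token is replayed (reuse detection, which goes one step beyond the article's "possibly a new refresh token"). The signing key and user table are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo values. A real deployment loads the signing key from a secret
# store and chooses lifetimes to fit its own risk appetite.
SERVER_KEY = b"demo-signing-key-do-not-use-in-production"
ACCESS_TTL = 15 * 60             # 15 minutes, the lifetime used in the article
REFRESH_TTL = 30 * 24 * 60 * 60  # 30 days (assumed; the article gives no value)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_access_token(user: str, now: float) -> str:
    """Build a self-contained, HMAC-SHA256-signed token (JWT-shaped: header.payload.signature).

    The API can verify it with the shared key alone, without a database lookup.
    """
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": user, "exp": int(now) + ACCESS_TTL}).encode())
    signing_input = f"{header}.{payload}".encode()
    signature = _b64url(hmac.new(SERVER_KEY, signing_input, hashlib.sha256).digest())
    return f"{header}.{payload}.{signature}"


def verify_access_token(token: str, now: float):
    """Return the user the token was issued to, or None if it is malformed, forged or expired.

    The "alg" header is deliberately ignored: only HS256 with SERVER_KEY is ever accepted,
    which closes the classic algorithm-confusion ("alg": "none") hole.
    """
    try:
        header, payload, signature = token.split(".")
        expected = hmac.new(SERVER_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64url_decode(signature), expected):
            return None
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims.get("sub")


class RefreshTokenStore:
    """Server-side state for refresh tokens.

    Tokens are opaque random strings; only a SHA-256 hash of each is stored, so a leaked
    table cannot be replayed. Every refresh rotates the token, and presenting a token that
    was already rotated revokes the whole login session (reuse detection).
    """

    def __init__(self):
        self._records = {}  # sha256(token) -> {"user", "exp", "family", "rotated"}
        self._revoked_families = set()

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, now: float, family=None) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of randomness: unguessable
        self._records[self._key(token)] = {
            "user": user,
            "exp": now + REFRESH_TTL,
            "family": family or secrets.token_hex(8),  # one family per login session
            "rotated": False,
        }
        return token

    def rotate(self, token: str, now: float):
        """Exchange a refresh token for a new (access_token, refresh_token) pair, or None."""
        rec = self._records.get(self._key(token))
        if rec is None or rec["exp"] <= now or rec["family"] in self._revoked_families:
            return None
        if rec["rotated"]:
            # A stale token is being replayed: either the real client lost a race or an
            # attacker copied it. Either way, kill every token in this session's family.
            self._revoked_families.add(rec["family"])
            return None
        rec["rotated"] = True
        return issue_access_token(rec["user"], now), self.issue(rec["user"], now, rec["family"])


# Constructed user table. Real systems store a salted password hash, never the password.
USERS = {"alice": "correct horse battery staple"}


def login(store: RefreshTokenStore, username: str, password: str, now: float):
    """Steps 1-4 of the flow: check credentials and hand out both tokens, or None on failure."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    return issue_access_token(username, now), store.issue(username, now)


if __name__ == "__main__":
    store = RefreshTokenStore()
    t0 = 1_700_000_000.0
    access, refresh = login(store, "alice", "correct horse battery staple", t0)
    print("API accepts fresh token for:", verify_access_token(access, t0 + 60))
    print("API rejects expired token:", verify_access_token(access, t0 + ACCESS_TTL + 1))
    access, refresh = store.rotate(refresh, t0 + ACCESS_TTL + 1)
    print("after refresh, API accepts token for:", verify_access_token(access, t0 + ACCESS_TTL + 2))
```

The split of responsibilities is the point: the API only ever sees access tokens and can check them statelessly, so an expired or tampered one costs a signature check and nothing more, while the refresh token never reaches the API and is the one place where the server keeps state and can pull the plug on a session.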
Written by Karan Patel