Access Token and Refresh Token: The Simplest Explanation

Nitro Legit

Today I will try to explain what access tokens and refresh tokens are with respect to JWT and sessions.

Flow of token generation

Flow of Token generation image

The image above should give you a rough idea of what is happening. If not, today I will tell you what happens in the backend during token creation.

We keep talking about tokens, refresh this and access that, but what is a token?

A token is like a digital key that saves the user from entering credentials (email or username, and password) again and again. Instead, if you have that token, we have already verified you, and you can access the secure features as you are.

The story behind how token generation works

When a user logs in on any site, one access token and one refresh token are generated. Refresh tokens are long-lived and are kept at the client end (the user's browser) through cookies. Access tokens are short-lived, for a small session like 1 or 2 hours, and are also present at the user end through accepted cookies.

After the access token expires, our app gives a 401 or some other error. When it gives that error, the app hits an endpoint which generates a new token based on your current refresh token. We get that refresh token from the cookies transmitted to the user, decode it with the help of JWT, and compare it with the refresh token already present in the database. If both are the same, it verifies the existing user and generates a new refresh token.
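The flow described above, as an added example that is not part of the original post: login issues both tokens, and the refresh endpoint decodes the cookie, compares it with the stored copy, and reissues. The signing key, the lifetimes, the in-memory dict standing in for the database, the function names and the hand-rolled HS256 routine (used instead of a JWT library so it runs with the standard library only) are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-secret"   # assumption: HS256 signing key, demo value only
ACCESS_TTL = 3600                     # 1 hour, as in the text
REFRESH_TTL = 7 * 24 * 3600           # assumption: 7 days as the "long-lived" value
refresh_db = {}                       # stand-in for the database: user -> current refresh token

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(payload):
    """Build a compact HS256 JWT: header.payload.signature."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify(token, now=None):
    """Return the payload if the signature and expiry are valid, else None."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64(expected), sig):
            return None
        payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    return payload if payload.get("exp", 0) > (now or time.time()) else None

def issue_tokens(user, now=None):
    """Login step: one short-lived access token, one long-lived refresh token."""
    now = now or time.time()
    access = sign({"sub": user, "kind": "access", "exp": now + ACCESS_TTL})
    refresh = sign({"sub": user, "kind": "refresh", "exp": now + REFRESH_TTL,
                    "jti": secrets.token_hex(8)})   # random id makes every refresh token unique
    refresh_db[user] = refresh        # remember the only refresh token we will accept
    return access, refresh

def refresh_endpoint(refresh_cookie, now=None):
    """Called after a 401: decode the cookie, compare with the database, reissue."""
    payload = verify(refresh_cookie, now)
    if not payload or payload.get("kind") != "refresh":
        return None                   # bad signature, expired, or an access token
    stored = refresh_db.get(payload["sub"], "")
    if not hmac.compare_digest(stored, refresh_cookie):
        return None                   # not the token on record (for example, already replaced)
    return issue_tokens(payload["sub"], now)
```

Because each refresh replaces the stored token, a copy of an older refresh token stops working as soon as the legitimate client refreshes.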
