AccessToken and RefreshToken the simplest explanation.

So today i will try to explain what is access token and refresh token in respect to JWT and sessions.

Flow of Token generation image

So from the above image you can get a rough idea what is happening if not then today i will tell you what happens behind the backend of token creation .

we are telling token this that refresh access but what is token ?

A token is like a digital key that enables the user to not again give its credentials like (email or username) and password again and again instead if you have that token we have just verified you and you can access the secure feature as it is .

story behind the working of token generation.

So what happens is that when a user logs in on any site he/she generates one access and one refresh Token while refresh token are long lived they are with the client (user’s browser) end through cookie’s and access token are short lived for small session like 1 or 2 hour also present at user end through accepted cookie’s. after access token expire our app gives a 401 or any error so when it give error the app hits an endpoint which generates a new token based on your current decoded refresh token which we can get through cookies transmitted to the user and is decoded with the help of JWT and is compared with the already present refresh token in database, if both are same it verifies the existing user and generates new refresh token .