
Access Tokens and Refresh Tokens an Overview


To use a website you first have to log in, that is, prove to the application that you are who you claim to be (authentication) and then be allowed to do only what your account permits (authorization). Access and refresh tokens are the mechanism most web apps use so that this proof does not have to be repeated on every request. The rest of this post explains how they work.

Pay attention to the flow in the steps below.

  1. Tokens come into play only after user registration. If no user record exists in the database, there is nobody to issue tokens to.

  2. On login, a database query is made to find the user and check the supplied credentials (authentication).

  3. If the user is found and the credentials check out, an access token and a refresh token are generated.

  4. A JWT library is used to generate the tokens. Note that a standard JWT is signed, not encrypted: anyone holding it can read the claims, but only the holder of the signing key can create or alter one, so never put secrets in the payload.

  5. Both tokens are sent to the browser as cookies. Set them with the HttpOnly and Secure flags (and a SameSite attribute) so page scripts cannot read them and they only travel over HTTPS.

  6. Only the refresh token is saved in the database, to be checked on later refresh requests. Storing a hash of it rather than the raw value limits the damage if the database leaks.

We generated two tokens, so why two, and why is only one of them stored in the database?

Take Outlook.com as an example. When you log in to your mail you enter your credentials once and gain access to your account. You can then send and read emails, create contacts, download files and so on without typing your credentials again for every action. That works because an ACCESS TOKEN was created at login and saved in your browser's cookies.

So every call you make to the server carries the access token, and the server verifies that token instead of your password. The access token is deliberately short-lived, e.g. 20 or 30 minutes, so that a stolen token is only useful for a short window. When it expires but you still want to keep working in your mail, the refresh token comes in.

  1. The refresh logic lives in your backend code: when a request arrives with an expired access token, it checks whether a refresh token cookie is present. If so, it makes a database call to retrieve the refresh token saved for that user.

  2. It then compares the "refresh token from the cookie" with the "refresh token saved in the DB", after verifying the cookie token's signature and expiry. If they match, a new access token is generated, saved in the cookie, and your session continues. The comparison should be constant-time, and a refresh token whose database record has been deleted (for example by logout) must be rejected.

  3. The new access token gets a fresh expiry, while the refresh token keeps its original expiry. Many deployments go one step further and also rotate the refresh token on every use, so that a stolen copy stops working as soon as the legitimate client refreshes.

Check out the video for a more detailed explanation (for Hindi viewers).