Access Token and Refresh Token

First of all, a big shoutout to Hitesh Choudhary sir for his amazing series, chai aur backend. I have learned a lot from it. The level and the quality of the content is something else; you will not find production-grade content like this anywhere else.

Please, sir, create more content like this; it is helping many students.

Why are they used?

In simple words, they are used to implement secure user authentication.

By using them we can handle user login efficiently and easily, so that our web or app data is not accessed by any unauthorized person, which keeps it secure.

Access Token

Access tokens are short-lived: they last for some minutes, hours or a day, depending on the use case and requirement.

We can store data in them that can be used later (e.g. id, email, username).

By using an access token we do not have to enter login information every time. Once we log in, an access token is generated and stored in cookies or local memory (for an app), and it authenticates us automatically.

Refresh Token

Refresh tokens are longer-lived than access tokens, and they are stored in the database.

In most cases a refresh token stores data like the user id, which helps in finding the user in the database.

What happens when the access token expires?

When this happens, the server will send a response, after which the frontend will make a request to regenerate the access token by using the refresh token that is stored in cookies or local memory.

The server will verify the refresh token. If it is verified, the server will regenerate (create new) tokens for the user. If the verification fails, it will send an error such as "unauthorized request".
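
The refresh flow described above, as an added example that is not code from this blog or from the chai aur backend series. It uses Node's built-in crypto with a simple HMAC-signed token in place of a JWT library; the secrets, lifetimes, user record and function names are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Assumed demo secrets and lifetimes (in seconds); load real ones from configuration.
const ACCESS = { secret: 'demo-access-secret', ttl: 15 * 60 };
const REFRESH = { secret: 'demo-refresh-secret', ttl: 10 * 24 * 3600 };
// Constructed in-memory "database" with one user record.
const users = new Map([['u1', { id: 'u1', username: 'asha', refreshToken: null }]]);

const b64 = (s) => Buffer.from(s).toString('base64url');
const mac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Token = base64url(JSON payload) + "." + HMAC-SHA256 over that payload.
function sign(payload, { secret, ttl }, now) {
  const body = b64(JSON.stringify({ ...payload, jti: crypto.randomUUID(), exp: now + ttl }));
  return `${body}.${mac(body, secret)}`;
}

// Returns the payload, or null if the signature is wrong or the token has expired.
function verify(token, { secret }, now) {
  const [body, sig] = String(token).split('.');
  if (!body || !sig) return null;
  const expected = Buffer.from(mac(body, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  return payload.exp > now ? payload : null;
}

// Login: issue both tokens and store the refresh token with the user record.
function issueTokens(user, now) {
  const accessToken = sign({ id: user.id, username: user.username }, ACCESS, now);
  user.refreshToken = sign({ id: user.id }, REFRESH, now);
  return { accessToken, refreshToken: user.refreshToken };
}

// Refresh: verify the token, find the user by id, and require a match with the stored copy.
function refresh(token, now) {
  const payload = verify(token, REFRESH, now);
  const user = payload && users.get(payload.id);
  if (!user || user.refreshToken !== token) return { status: 401, error: 'unauthorized request' };
  return { status: 200, ...issueTokens(user, now) };
}
```

Because each refresh overwrites the stored token, a refresh token that has already been used no longer matches the database copy and is rejected, even though its signature is still valid.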

Thank you for taking the time to read my blog. I hope this helped you.