Skip to main content
HashnodeVishv Salvi's Blog

Command Palette

Search for a command to run...

Difference Between Access Token And Refresh Token

A beginner friendly and in-depth guide on Access Token and Refresh Token

Published
2 min read
Difference Between Access Token And Refresh Token
V
Vishv Salvi

I am a Full Stack Developer from Mumbai, India. Currently I'm pursuing my Bachelors in Computer Science.

What is a Access Token?

Think of access tokens as your digital passes for getting into your online accounts without typing your password over and over again. These special passes stored in your web browser, making your login process quick and smooth. They've a short life span as compared to the refresh token.

ID Token and Access Token: What Is the Difference?

What is a Refresh Token?

They act like secret backup keys, allowing you to get a new access token without going through the hassle of remembering your password. Safely stored in a database, these tokens have a longer lifespan, ensuring you stay logged in for an extended period without any inconvenience.

Refresh Token in Asp.Net Core with JWT - YouTube

How do they work?

  1. Authentication process:

    When initiating a login session, the Access Token acts as a pass that eliminates the need to enter the password again. Thus, making the log in experience seemless and hassle free.

  2. Lifespan of Access Token:

    Since Access Token has short lifespan it expires after a session ends. During its lifespan it allows the user to access specific resources that can be only accessed if the user has an Access Token.

  3. The Role of Refresh Token:

    After the Access Token expires the refresh token stored in your database generates a new Access Token. Before the generation of a new Access Token the credentials of the user are verified which are decoded into the Refresh Token.

  4. Refresh Token expiry:

    When the Refresh Token is expired the user needs to log in again with their credentials to gain a new Refresh Token. Refresh Token have a longer lifespan as compared to the Access Token making the user experience across the Internet seemless and smooth.

    What is the purpose of a refresh token? - Stytch

    Conclusion:

    Refresh Token and Access Token both are very important part of Internet. They contribute in enhancing the user experience on the Internet. They also play an important role in security. Restricting the user from accessing sensitive data without logging in by using complex cryptographic algorithm.

    If you want to implement this technology: Click Here

    Also check my other blog where I will guide you in setting up a Fake Rest API in less than 5 minutes. Blog

#refresh-token#access-token#beginners#nodejs#backend#security

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

Vishv Salvi's Blog

17 posts