DEV Community

loading...

Discussion on: Refresh JWT with Refresh Tokens in Asp Net Core 5 Rest API Step by Step

Collapse
annguyen209 profile image
An T. NGUYEN

Refresh token is similar to a backup key to get back new token in case it is expired or lost. You are sending the token over the internet many times so it "maybe" stolen.
That why we keep token expiration time is shorter a lot to the refresh token.

Collapse
wangzhe66369 profile image
wangzhe66369

Thank you for your answer.
I understand that the purpose of JWT is to not store data on the server side. Now that the RefreshToken must be stored on the server side, does it violate the purpose of JWT? I feel that this approach is very similar to Session