DEV Community

Discussion on: API Authentication Workflow with JWT and Refresh Tokens

Collapse
cupwebcode profile image
cupWebCode

In second scenario you wrote that when server receive expired token, it sends unauthorized response to client.
Client recieve unauthorized response and hit refresh endpoint.
My question: where should I store logic for my refresh endpoint? Do I need second server for that?
I have a few suggestion and I don't know which is better.

Collapse
gokayokyay profile image
Gökay Okyay Author

Hey! Sorry for the late reply.
It depends on the architecture for your web app. If you use microservices architecture, you could possible create another service for the token refreshing service and put the logic in there.