DEV Community

Discussion on: API Authentication Workflow with JWT and Refresh Tokens

cupwebcode profile image

In second scenario you wrote that when server receive expired token, it sends unauthorized response to client.
Client recieve unauthorized response and hit refresh endpoint.
My question: where should I store logic for my refresh endpoint? Do I need second server for that?
I have a few suggestion and I don't know which is better.

gokayokyay profile image
Gökay Okyay

Hey! Sorry for the late reply.
It depends on the architecture for your web app. If you use microservices architecture, you could possible create another service for the token refreshing service and put the logic in there.