Hi!
I have a bit of experience with Flask and the flask-jwt-extended extension. With this library it is not required to save refresh tokens, only if you want to revoke/blacklist them. There is a @jwt_refresh_token_required decorator that can validate the sent refresh token.
If you use some other programming language and/or framework, you can implement this feature. The only thing that you should do is to put "type": "refresh" to the payload and check whether the token contains it or not if a refresh token is required.
If a blacklisting and/or token revocation feature is required for you, then you should store the tokens in a database (or in a variable, but that is not recommended).
More info:
flask-jwt-extended.readthedocs.io/...
flask-jwt-extended.readthedocs.io/...
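
The type check and the revocation store described in the comment above, as an added example that is not part of the original post and is not flask-jwt-extended's code. It assumes HS256 with a shared secret, a `jti` claim as the revocation key, and an in-memory set standing in for the database; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-key"  # assumption: HS256 with a shared secret
REVOKED_JTIS = set()              # stand-in for a database table of revoked token ids

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256)
    return _b64(mac.digest())

def issue(sub: str, token_type: str, ttl: int) -> str:
    # "type" separates access from refresh tokens; "jti" identifies one token.
    payload = {"sub": sub, "type": token_type, "jti": uuid.uuid4().hex,
               "exp": int(time.time()) + ttl}
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in (header, payload))
    return signing_input + "." + _sign(signing_input)

def verify(token: str, required_type: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise PermissionError("malformed token")
    head_b64, body_b64, sig = parts
    # Check the signature before trusting or parsing any claim.
    expected = _sign(head_b64 + "." + body_b64)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise PermissionError("bad signature")
    header, payload = (json.loads(_unb64(p)) for p in (head_b64, body_b64))
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    if payload.get("exp", 0) < time.time():
        raise PermissionError("expired")
    # A validly signed access token must not be accepted where a refresh token is required.
    if payload.get("type") != required_type:
        raise PermissionError("wrong token type")
    if payload.get("jti") in REVOKED_JTIS:
        raise PermissionError("revoked")
    return payload

def revoke(token: str) -> None:
    # Only the token id is stored, not the token itself.
    REVOKED_JTIS.add(verify(token, "refresh")["jti"])
```
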