DEV Community: Vivek Kantariya

[Boost]

Vivek Kantariya — Mon, 02 Mar 2026 08:42:04 +0000

How Access and Refresh Tokens Work

Vivek Kantariya ・ Feb 28

#accesstoken #refreshtoken #oauth #backend

How Access and Refresh Tokens Work

Vivek Kantariya — Sat, 28 Feb 2026 19:46:40 +0000

Ever wondered how apps like Netflix and Facebook keep you logged in for months without ever asking for your password again? I used to just take it for granted - until I actually dug into how it works under the hood. Turns out, two small things are responsible for that seamless experience: access tokens and refresh tokens.
Let's break it down.

Modern apps don't pass your username and password around with every request. That would be like showing your passport every single time you walk through a door inside a building you've already entered. It's unnecessary, and honestly, a huge security risk.
Instead, protocols like OAuth 2.0 and OpenID Connect (OIDC) use tokens. You prove who you are once, get a token, and that token does the talking for you from that point on.

Here's the simple version of what happens when you hit "Login":

You make a request to the app - say, "Login with Google."
The app reaches out to an Authorization Server (Google, in this case), which checks your identity and hands back an authorization code. That code is then exchanged for your tokens.
From that point on, the app uses your access token to fetch your data from the Resource Server - all without you doing anything.

The Authorization Server handles who you are. The Resource Server handles what you're allowed to do.

The Access Token

Think of the access token as your daily pass. Every time the app needs to fetch your data or perform an action on your behalf, it attaches the access token to the request. The server looks at it, says "yep, this person is allowed," and responds.
But here's the thing - this token is short-lived, usually only valid for few minutes to a few hours.
Why so short? Because it's exposed a lot. It travels with almost every request, which means there are more opportunities for it to be intercepted. If someone does steal it, keeping it short-lived means the damage window is tiny. They can't do much with a token that expires in few minutes.
A long-lived access token would be a nightmare from a security standpoint. The longer it's valid, the more time an attacker has to exploit it.

The Refresh Token

Now here's where it gets interesting. If the access token expires every 20 minutes, why aren't you constantly being logged out and forced to re-enter your password?
That's the refresh token's job.
The refresh token is long-lived - we're talking days, weeks, sometimes even months. But it doesn't travel with every request like the access token does. It sits quietly in the background and only gets used for one thing: getting a new access token when the old one expires.
When your access token dies, the app uses the refresh token to silently request a fresh one from the Authorization Server - and you don't feel a thing. No interruption, no login screen, nothing.
One important thing though - the refresh token never goes to the Resource Server. It only ever talks to the Authorization Server. This separation is intentional and keeps it much safer than the access token.

Quick Comparison

Why Not Just Use One Token?

This is the question that stumped me at first too. Why bother with two?
Here's the honest answer: one token doing everything is a security disaster waiting to happen.
If you had a single long-lived token that was sent with every request, stealing it would give an attacker full access for a long time - and there's not much you could do about it quickly.
By splitting it into two:

The access token gets exposed often, so it's kept short-lived - stolen token, small problem.
The refresh token is exposed rarely, so it can afford to live longer - and it's much easier to revoke on the server side if something feels off.

References & Further Reading

OpenID Connect Official Documentation
Auth0 — Refresh Token Rotation
Auth0 — Access Tokens
Access Token vs Refresh Token: A Breakdown, GeeksforGeeks
Access Token vs Refresh Token: A Breakdown youtube

Object-Oriented Programming in Java — The Heart of Modern Development

Vivek Kantariya — Tue, 22 Apr 2025 16:46:16 +0000

Have you ever wondered how complex applications like Instagram, Minecraft, or banking software are built and maintained so efficiently? Object-Oriented Programming (OOP) plays a crucial role in managing this complexity.

In this blog, we’ll explore the core concepts of OOP in Java, understand how classes and objects work, and see real-world analogies to solidify your understanding.

1. Introduction to Object-Oriented Programming (OOP):

Object-Oriented Programming (OOP) is a programming paradigm that organizes software design around objects rather than just functions and logic. Java, one of the most widely used programming languages, is built entirely on OOP principles, making it a powerful tool for creating scalable, modular, and maintainable applications.

Classes and Objects

A class is a blueprint or prototype from which objects are created. It defines the structure (attributes and methods).
An object is an instance of a class, with actual memory allocation.

class Car {  
    String color;  // Attribute (state)  
    void drive() { // Method (behavior)  
        System.out.println(“Car is moving!”);  
    }  
}  

public class Main {  
    public static void main(String[] args) {  
        Car myCar = new Car(); // Object creation  
        myCar.color = “Red”;   // Setting state  
        myCar.drive();         // Calling behavior  
    }  
}

State, Identity, and Behavior

State → Represented by attributes (e.g., color of a car).
Behavior → Defined by methods (e.g., drive()).
Identity → Unique memory address where the object is stored.

2. Strengths of OOP:

Modularity — OOP helps break down a large program into smaller, manageable pieces (objects). This modularity makes it easier to maintain and scale applications.
Reusability — Classes can be reused across different projects.
Encapsulation — Protects data integrity by controlling access.
Flexibility — Inheritance and polymorphism allow dynamic, scalable designs.
Maintainability: Code is easier to update and debug when it’s organized around objects that mimic real-world entities.

3. The 4 Pillars of OOP:

1. Encapsulation:

Bundles data (attributes) and methods (functions) into a single unit (class).
Protects internal state by controlling access (e.g., using private fields with getters/setters).

2. Inheritance:

Allows a class (subclass) to inherit properties and behaviors from another class (superclass).
Promotes code reuse and hierarchical organization.

3. Polymorphism:

Enables different classes to respond to the same method call in different ways.
Achieved via method overriding (same method, different implementations).

4. Abstraction:

Hides complex implementation details and exposes only essential features.
Uses abstract classes and interfaces to define high-level structures.

4. Real-Life Analogy:

Think of a class as a car blueprint, and an object as an actual car built from that blueprint.

Example:

Class (Blueprint) → Defines attributes (color, model) and behaviors (start(), stop()).
Object (Car) → A real car with specific properties that can perform actions.

Extending the Analogy:

Inheritance → An ElectricCar class extending Car (inherits properties).
Polymorphism → Different cars (Sedan, SUV) can have their own drive() implementations

5. Java vs. Python vs. C++: OOP Perspective:

Java is considered a pure object-oriented language because:

Everything is an object (except primitives).
Every piece of code must be wrapped in a class.

Python: supports OOP, but it also allows procedural programming, so it is a multi-paradigm language.

C++: C++ is an object-oriented language but allows procedural programming. It also includes features like pointers, which Java does not support, making Java simpler and more secure.

6. Conclusion:

Object-Oriented Programming (OOP) in Java is the backbone of robust, scalable, and maintainable software design. By mastering core principles like classes, objects, inheritance, and polymorphism — and by understanding how Java manages memory — you’re not just coding; you’re engineering solutions that stand the test of time.

7. References & Resources:

Kunal Kushwaha’s OOP Playlist (Highly recommended for visual learners!)
GeeksforGeeks OOP Guide (Hands-on examples and problem-solving)
Official Java Documentation (For in-depth technical clarity)

PS: Stay tuned for upcoming blogs.