DEV Community

Discussion on: How to securely store JWT tokens.

Bohdan

Short-lived JWT token and one-time JWT refresh token will add protection from token stealing. If someone steals an access token, it works for a short time; if someone steals a refresh token, it would log out the current user because his refresh token is no longer valid. When the user logs in again, it invalidates the refresh token of the attacker.
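
The rotation scheme described in the comment above, as an added server-side sketch that is not part of the original comment. Assumptions: opaque random strings stand in for signed JWTs, state is kept in memory, and `TokenService`, `theft_scenario` and `ACCESS_TTL` are hypothetical names.

```python
import secrets
import time

ACCESS_TTL = 300  # assumed access-token lifetime in seconds


class TokenService:
    """In-memory stand-in for the auth server's token state."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.access = {}        # access token -> (user, expiry time)
        self.refresh = {}       # refresh token -> user
        self.current = {}       # user -> the one refresh token still valid

    def _issue(self, user):
        # Drop the user's previous refresh token so only the new one is valid.
        self.refresh.pop(self.current.get(user), None)
        access, refresh = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.access[access] = (user, self.clock() + ACCESS_TTL)
        self.refresh[refresh] = user
        self.current[user] = refresh
        return access, refresh

    def login(self, user):
        # Credential check omitted; a new login replaces any outstanding refresh token.
        return self._issue(user)

    def rotate(self, presented):
        # One-time use: a token that was already spent or replaced is rejected.
        user = self.refresh.get(presented)
        return self._issue(user) if user else None

    def authorize(self, access):
        user, expiry = self.access.get(access, (None, 0.0))
        return user if user and self.clock() < expiry else None


def theft_scenario():
    now = [0.0]                                        # controllable clock (constructed)
    svc = TokenService(clock=lambda: now[0])
    _, copied = svc.login("alice")                     # refresh token that gets copied
    thief_access, thief_refresh = svc.rotate(copied)   # the copy is spent first
    result = {"owner_rejected": svc.rotate(copied) is None}
    svc.login("alice")                                 # owner logs in again
    result["thief_refresh_rejected"] = svc.rotate(thief_refresh) is None
    result["thief_access_before_expiry"] = svc.authorize(thief_access)
    now[0] += ACCESS_TTL + 1
    result["thief_access_after_expiry"] = svc.authorize(thief_access)
    return result
```

In this sketch the access token obtained with the copied refresh token stays usable until `ACCESS_TTL` elapses, which is why the access-token lifetime has to be short for the scheme to limit exposure.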