DEV Community 👩‍💻👨‍💻

Discussion on: API Authentication Workflow with JWT and Refresh Tokens

kritish58 profile image
Rishi58 • Edited on

thank you for your response, refreshToken=>token in redis db in server (if we can store in redis server will that cache remain alive till the refresh_token remains alive -like for 2-3 days or even a week)

2.whenever server recieves an expired token, it verfies the expired token from that mapping in no.1 and sends a new token to the client

3.I can store refreshToken in a cookie with better security like {sameSite} {httpOnly} {secured} and send it to server in every request from client

please correct me if this understanding is wrong, thank you