DEV Community

loading...

Discussion on: Stop Guessing: What is a JWT?

Collapse
stevescruz profile image
Steve Cruz Author • Edited

You explained in a great and clear manner! Just adding to what you said to help Tushar in case he is unfamiliar with refresh tokens:

It's good to set a low expiration for the JWT, as low as possible. So if we set a low expiration we'll have to login into a page more often, for the user this may get annoying.

Refresh tokens were created with many purposes in mind, one of them is to enhance user experience, since it has a long expiration date and is used to generate a new JWT (in this context the JWT is called access token) when it inevitably expires with its short expiration. This avoids making us have to login into a page again when the access token expires.

There are other important purposes to them, here are useful reference material:

Thread Thread
tusharpandey13 profile image
Tushar Pandey

Thank you, for the explanation and further information, all the people answering my questions are awesome!