Implement token-based authentication

Asked 2 years ago, Updated 2 years ago, 86 views

Hello.

We are currently designing an API server.

We're implementing token-based authentication.

When authenticating, I return both the JWT token and the refresh token.

The authentication logic is this: if a request is made to a resource that requires authorization when the token has expired, is it correct to return a specific response code so that the client recognizes it, calls the URL that renews the token using the refresh token from the client's storage, gets a new access token, and then repeats the request to the resource that originally needed authorization?

Also, the expiration time of the current authentication token is about 30 minutes, but I wonder how long the expiration time of the refresh token itself usually is!

I'd appreciate your help!

token

2022-09-22 21:10

1 Answer

I designed it with accessToken and refreshToken. I used the following structure.

The accessToken expired in one day. The refreshToken expired in 30 days.


2022-09-22 21:10
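The expire, refresh, retry flow asked about above, as an added example that is not part of the original question or answer. It assumes a simplified HMAC-signed token standing in for the JWT, hypothetical function names (`api_resource`, `api_refresh`, `Client`), the 30-minute access lifetime from the question, the 30-day refresh lifetime from the answer, and single-use refresh tokens that are rotated on each refresh.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)   # server-side signing key (constructed for the example)
ACCESS_TTL = 30 * 60               # 30 minutes, as in the question
REFRESH_TTL = 30 * 24 * 3600       # 30 days, as in the answer
refresh_store = {}                 # sha256(refresh token) -> (user, expiry); raw token never stored

def _sign(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def issue_access(user, now):
    claims = json.dumps({"sub": user, "exp": now + ACCESS_TTL}).encode()
    body = base64.urlsafe_b64encode(claims)
    return body.decode() + "." + _sign(body)

def issue_refresh(user, now):
    token = secrets.token_urlsafe(32)
    refresh_store[hashlib.sha256(token.encode()).hexdigest()] = (user, now + REFRESH_TTL)
    return token

def api_resource(access, now):
    """Protected endpoint: verify the signature first, then the expiry."""
    body, _, sig = access.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
        return 401, "invalid_token"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= now:
        return 401, "token_expired"   # the specific code the client reacts to
    return 200, "hello " + claims["sub"]

def api_refresh(refresh, now):
    """Refresh endpoint: the presented token is consumed and a new pair is issued."""
    entry = refresh_store.pop(hashlib.sha256(refresh.encode()).hexdigest(), None)
    if entry is None or entry[1] <= now:
        return 401, None
    user = entry[0]
    return 200, {"access": issue_access(user, now), "refresh": issue_refresh(user, now)}

class Client:
    def __init__(self, user, now):   # stands in for the login response
        self.access, self.refresh = issue_access(user, now), issue_refresh(user, now)

    def get(self, now):
        status, body = api_resource(self.access, now)
        if (status, body) == (401, "token_expired"):   # refresh once, then retry once
            rstatus, tokens = api_refresh(self.refresh, now)
            if rstatus != 200:
                return 401, "login_required"           # refresh token expired or already used
            self.access, self.refresh = tokens["access"], tokens["refresh"]
            status, body = api_resource(self.access, now)
        return status, body
```

The client retries only on `token_expired`, so a token with a bad signature is rejected without touching the refresh endpoint, and a replayed refresh token fails because it was removed from the store on first use.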
