Understanding JWT Token Workflow with Short-lived Tokens and Refresh Tokens

28 views Asked by At

I'm seeking clarification on how the JWT token system operates, particularly in scenarios involving short-lived tokens and refresh tokens. Here's my current understanding:

  1. When a client initiates a request and the short-lived JWT token expires, the server responds with an "unauthorized" status.
  2. Subsequently, the client makes another call to generate a new short-lived JWT token using a refresh token.
  3. Once the new JWT token is generated, the initial request is processed.

My concern revolves around how the client's original request is retained during this short-lived and refresh token workflow. As a client, I assume I shouldn't be adversely affected by the token renewal process.

I have send short lived and refresh token in same request and if short lived token is expired, I do authenticate using refresh token. But in this scenario, it seems short lived token has no use.

0

There are 0 answers