Understanding JWT Token Workflow with Short-lived Tokens and Refresh Tokens


I'm seeking clarification on how the JWT token system operates, particularly in scenarios involving short-lived tokens and refresh tokens. Here's my current understanding:

  1. When a client initiates a request and the short-lived JWT token expires, the server responds with an "unauthorized" status.
  2. Subsequently, the client makes another call to generate a new short-lived JWT token using a refresh token.
  3. Once the new JWT token is generated, the initial request is processed.

My concern revolves around how the client's original request is retained during this short-lived and refresh token workflow. As a client, I assume I shouldn't be adversely affected by the token renewal process.

I have sent the short-lived and refresh tokens in the same request, and if the short-lived token is expired, I authenticate using the refresh token. But in this scenario, it seems the short-lived token has no use.


There are 0 answers
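Steps 1 to 3 of the question, written out as an added example that is not part of the original post: the client keeps the request object, and on a 401 it exchanges the refresh token once and replays that same request. `makeServer`, `makeClient`, the in-memory server, the secret and the 60-second lifetime are constructed for illustration and stand in for a real HTTP API.

```javascript
// Added example: simulated auth/resource server plus a client that replays on 401.
const { createHmac, randomUUID, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret";            // constructed value
const ACCESS_TTL = 60;                               // seconds, assumed lifetime
const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const sign = (data) => createHmac("sha256", SECRET).update(data).digest("base64url");

function makeServer(clock) {
  const refreshTokens = new Map();                   // refresh token -> subject
  const issueAccess = (sub) => {
    const body = `${b64({ alg: "HS256", typ: "JWT" })}.${b64({ sub, exp: clock.now + ACCESS_TTL })}`;
    return `${body}.${sign(body)}`;
  };
  return {
    login(sub) {
      const refresh = randomUUID();                  // opaque, stored server-side
      refreshTokens.set(refresh, sub);
      return { access: issueAccess(sub), refresh };
    },
    refresh(token) {                                 // the only endpoint that sees the refresh token
      const sub = refreshTokens.get(token);
      return sub ? { status: 200, access: issueAccess(sub) } : { status: 401 };
    },
    api(request, jwt) {                              // resource endpoint: access token only
      const [h, p, sig] = String(jwt).split(".");
      const expected = Buffer.from(sign(`${h}.${p}`));
      const given = Buffer.from(String(sig));
      if (given.length !== expected.length || !timingSafeEqual(given, expected)) return { status: 401 };
      const claims = JSON.parse(Buffer.from(p, "base64url").toString());
      if (claims.exp <= clock.now) return { status: 401 };   // expired access token
      return { status: 200, body: `${request.method} ${request.path} ok for ${claims.sub}` };
    },
  };
}

function makeClient(server, tokens) {
  const stats = { refreshCalls: 0 };
  function send(request) {
    let res = server.api(request, tokens.access);    // step 1: may come back 401
    if (res.status !== 401) return res;
    stats.refreshCalls++;
    const renewed = server.refresh(tokens.refresh);  // step 2: exchange the refresh token
    if (renewed.status !== 200) return renewed;      // refresh rejected: caller must log in again
    tokens.access = renewed.access;
    return server.api(request, tokens.access);       // step 3: replay the retained request once
  }
  return { send, stats };
}
```

The caller of `send` only ever sees the final response; the single retry keeps a rejected refresh token from causing a loop.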