I am trying to implement JWT using djangorestframework-simplejwt for my Django rest application. I noticed that refresh token and access token are not stored in database. Then where are they stored?
Thanks in advance.
I am trying to implement JWT using djangorestframework-simplejwt for my Django rest application. I noticed that refresh token and access token are not stored in database. Then where are they stored?
Thanks in advance.
That's the point of JWTs, they do not need server-side storage. All the information is baked into the token itself, which is signed with a secret only the server has (is supposed to have, if you do it properly without security vulnerability). The server reads the information in the JWT and confirms that it has been signed with the secret, something only it itself should have. If that succeeds, it trusts the information contained in the JWT. Hence it doesn't need to look up anything in any database.