my understanding about token is jwt is only return accesstoken that doesnot contain username ,email such without password ,but refresh token is genarated by jwt or backend my understanding is it is a random string generated by backend so next dought what is inside the refresh token
Hi @jefijefin8
Welcome to the Auth0 Community!
There is no readable data “inside” a standard Refresh Token.
Unlike a JWT (JSON Web Token), which contains readable JSON data, a standard Auth0 Refresh Token is an “opaque” string —a randomly generated combination of letters and numbers created by the Auth0 backend. It acts as a secure pointer to where your session is securely stored in Auth0’s database.
The user data you mentioned above is stored inside the ID Token which is provided and usable by your frontend.
Kind Regards,
Nik