I'm trying to get my idea around refresh tokens. How do I generate a refresh token? Why do they look different? Is it related to the JWT format?
Hi there @fddayan!
Great that you’ve got interested in it. Here is a piece of useful content on understanding refresh tokens and how they work:
Basically, refresh tokens carry the information necessary to get a new access token. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authentication server.
Common use cases include getting new access tokens after old ones have expired, or getting access to a new resource for the first time. Refresh tokens can also expire but are rather long-lived. Refresh tokens are usually subject to strict storage requirements to ensure they are not leaked. They can also be blacklisted by the authorization server.
Let me know if that helps!
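
The lifecycle described in the reply above (exchange for a new access token, expiry, blacklisting, careful storage), as an added sketch that is not from the original posts or from any vendor's implementation. It assumes refresh tokens are opaque random strings rather than JWTs; `TokenServer`, its methods and both lifetimes are hypothetical names and values chosen for illustration.

```python
import hashlib
import secrets
import time

REFRESH_TTL = 30 * 24 * 3600   # assumed: long-lived, but still finite
ACCESS_TTL = 15 * 60           # assumed: short-lived


class TokenServer:
    """Hypothetical in-memory authorization server, for illustration only."""

    def __init__(self, now=time.time):
        self._now = now
        self._refresh = {}       # sha256(refresh token) -> (subject, expires_at)
        self._blacklist = set()  # digests of revoked refresh tokens

    @staticmethod
    def _digest(token):
        # Store only a digest so a leaked table does not expose usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_refresh_token(self, subject):
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._refresh[self._digest(token)] = (subject, self._now() + REFRESH_TTL)
        return token  # shown to the client once; the server keeps the digest

    def revoke(self, token):
        self._blacklist.add(self._digest(token))

    def exchange(self, token):
        """Return a new access token record, or None if the token is rejected."""
        digest = self._digest(token)
        record = self._refresh.get(digest)
        if record is None or digest in self._blacklist:
            return None  # unknown or blacklisted
        subject, expires_at = record
        if self._now() >= expires_at:
            del self._refresh[digest]  # expired: client must re-authenticate
            return None
        return {
            "access_token": secrets.token_urlsafe(32),  # opaque placeholder
            "sub": subject,
            "expires_at": self._now() + ACCESS_TTL,
        }
```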