Why do JWT tokens look different from refresh_token? How can I generate a refresh token?

I'm trying to get my idea around refresh tokens. How do I generate a refresh token? Why do they look different? Is it related to the JWT format?

Hi there @fddayan!

Great that you’ve got interested in it. Here is a piece of useful content on understanding refresh tokens and how they work:

Basically, refresh tokens carry the information necessary to get a new access token. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authentication server.

Common use cases include getting new access tokens after old ones have expired, or getting access to a new resource for the first time. Refresh tokens can also expire but are rather long-lived. Refresh tokens are usually subject to strict storage requirements to ensure they are not leaked. They can also be blacklisted by the authorization server.

Let me know if that helps!
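An added example, not part of the original posts and not Auth0's implementation: one common design in which the access token is a self-contained signed JWT while the refresh token is an opaque random string whose meaning lives only in a server-side record, which is why the two look different. The in-memory store, the HS256 demo key, the lifetimes and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)          # constructed demo key for HS256
ACCESS_TTL, REFRESH_TTL = 300, 30 * 24 * 3600  # assumed lifetimes in seconds
_refresh_store = {}  # sha256(token) -> {"sub", "exp", "revoked"}; stands in for a database

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_access_token(sub: str, now: float) -> str:
    """Self-contained JWT (header.payload.signature), verifiable without a lookup."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "exp": int(now) + ACCESS_TTL}).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def issue_refresh_token(sub: str, now: float) -> str:
    """Opaque random string; the server keeps only a hash of it plus its metadata."""
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()  # a leaked store does not leak tokens
    _refresh_store[key] = {"sub": sub, "exp": now + REFRESH_TTL, "revoked": False}
    return token

def revoke_refresh_token(token: str) -> None:
    """Blacklist a refresh token so it can no longer be exchanged."""
    rec = _refresh_store.get(hashlib.sha256(token.encode()).hexdigest())
    if rec:
        rec["revoked"] = True

def refresh(token: str, now: float):
    """Exchange a refresh token for a new access token; None if unknown, revoked or expired."""
    rec = _refresh_store.get(hashlib.sha256(token.encode()).hexdigest())
    if rec is None or rec["revoked"] or now >= rec["exp"]:
        return None
    return issue_access_token(rec["sub"], now)

if __name__ == "__main__":
    now = time.time()
    rt = issue_refresh_token("user-123", now)  # constructed sample subject
    print("refresh token:", rt)
    print("access token: ", refresh(rt, now))
    revoke_refresh_token(rt)
    print("after revoke: ", refresh(rt, now))
```
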
