Why do JWT tokens look different from refresh_token? How can I generate a refresh token?

I'm trying to get my idea around refresh tokens. How do I generate a refresh token? Why do they look different? Is it related to the JWT format?

Hi there @fddayan!

Great that you’ve got interested in it. Here is a piece of useful content on understanding refresh tokens and how they work:

Basically, refresh tokens carry the information necessary to get a new access token. In other words, whenever an access token is required to access a specific resource, a client may use a refresh token to get a new access token issued by the authentication server.

Common use cases include getting new access tokens after old ones have expired, or getting access to a new resource for the first time. Refresh tokens can also expire but are rather long-lived. Refresh tokens are usually subject to strict storage requirements to ensure they are not leaked. They can also be blacklisted by the authorization server.

Let me know if that helps!

