How access tokens and refresh tokens work (updated)

by Manu
Updated 2022

In this guide we are going to see how access tokens and refresh tokens work. In your application, you want to allow a user to access data only if the user has an access token that has not expired. Fair enough: when a user registers, you generate an access token for that user, and the user can use this access token to access certain things on your website.

The user makes a request with the access token after a few hours and still gets data if and only if the refresh token is valid. Let’s break it down.

Here is the process:

  1. The user registers and gets an access token (let’s say this access token expires in 5 minutes).
  2. At the time of generating the access token, we generate a refresh token as well, with a validity of 10 minutes.
  3. The user tries to get data again; if the access token is valid, the user gets the data.
  4. The access token expires after 5 minutes.
  5. Now the user tries to get data, but the access token is expired. Our code logic checks whether the refresh token is expired or not.
  6. If the refresh token is not expired, we generate another access token for the user, valid for 5 minutes.
  7. The user gets access to data using the new access token.
  8. This time the refresh token expires.
  9. The user tries to access data, but the access token is expired as well.
  10. Our code checks the refresh token, which expired earlier.
  11. The user is notified that they cannot access the data, as both the refresh and access tokens are expired.

At this point you can ask the user to do something to get a new refresh token.
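The eleven steps above can be replayed as a small server-side sketch. This is an added example, not the code from the original post: the HMAC-signed token format, the function names and the `typ` claim are assumptions made for illustration, and the clock is passed in as `now` (seconds) so the timeline can be tested.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)            # constructed per-process signing key
ACCESS_TTL, REFRESH_TTL = 5 * 60, 10 * 60   # lifetimes from steps 1 and 2, in seconds

def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def issue(user: str, kind: str, ttl: int, now: int) -> str:
    """Return 'base64(claims).signature' carrying a type and an expiry."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"sub": user, "typ": kind, "exp": now + ttl}).encode())
    return payload.decode() + "." + _sign(payload)

def verify(token: str, kind: str, now: int):
    """Return the claims if signature, type and expiry all check out, else None."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(payload.encode())):
            return None                      # tampered or forged token
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return None                          # malformed token
    if claims.get("typ") != kind or now >= claims.get("exp", 0):
        return None                          # wrong token type, or expired
    return claims

def register(user: str, now: int) -> dict:
    """Steps 1-2: issue both tokens at registration."""
    return {"access": issue(user, "access", ACCESS_TTL, now),
            "refresh": issue(user, "refresh", REFRESH_TTL, now)}

def get_data(tokens: dict, now: int):
    """Steps 3-11: serve on a valid access token, else fall back to the refresh token."""
    if verify(tokens["access"], "access", now):
        return "ok", tokens
    claims = verify(tokens["refresh"], "refresh", now)
    if claims:                               # step 6: mint a new 5-minute access token
        return "refreshed", dict(
            tokens, access=issue(claims["sub"], "access", ACCESS_TTL, now))
    return "denied", tokens                  # step 11: both tokens expired

if __name__ == "__main__":
    t = register("manu", now=0)
    for minute in (2, 6, 7, 12):             # replay the timeline from the list
        status, t = get_data(t, now=minute * 60)
        print(f"minute {minute}: {status}")
```

The `typ` check keeps a refresh token from being accepted where an access token is expected, and the signature check means a client cannot extend `exp` on its own.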
