Does the refresh token have to be a random string?

P

pagicor2021-11-04 16:09:09

JSON Web Token

pagicor, 2021-11-04 16:09:09

Please tell me, on some sites who use jwt and refresh token, I noticed that the refresh token is just a random string of 25 or more characters, now I have a question: is it possible to generate a refresh token in the same way as access, that is, through the jwt library? Then it will not be just a random string, but a token that has payload, etc., and it will be easier to validate it.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Alexey Yarkov, 2021-11-11
@yarkov

Can

A

Alexey Maltsev, 2015-02-08
@Axel_User

You can’t bypass it, at least users won’t like it very much. But you can gently hint that the project lives off advertising.
m.siliconrus.com/2014/07/sportsru-adblock

O

OlegSivokobov, 2015-02-09
@OlegSivokobov

on the official adsense forum there are comments of this kind from the leading responders and, it seems, like Google employees, that such workarounds encourage users to click on ads, and therefore are a violation of the rules. So I wouldn't recommend doing it.