I don’t understand how to update JWT, refresh token, what is unusual about it?
There is a token with a user ID.
There is a refresh token.
When the token expires, we use the refresh token to refresh the user's token.
It is also written in the theory that if the user's token is hacked, the refresh token will not allow the attacker to refresh it and continue working.
But I have a question: what is the difference between a regular JWT token and a JWT refresh token?
Why make the token expire at all? If someone steals the regular one, they will steal the refresh token too.
Or should it be stored in some other way?
I do not understand the principle of its protection.
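
The flow described in the question, as an added example that is not part of the original post: a short-lived signed access token carrying the user ID, and an opaque refresh token that the server remembers (as a hash) and can forget again. The function names, the 300-second lifetime, the in-memory `refresh_store` and the choice to keep refresh tokens server side are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)   # constructed signing key for this demo
ACCESS_TTL = 300                   # assumed access-token lifetime, seconds
refresh_store = {}                 # sha256(refresh token) -> user id, server side

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(msg: str) -> str:
    return _b64(hmac.new(SECRET, msg.encode(), hashlib.sha256).digest())

def issue_access(user_id: int, now: int) -> str:
    """Stateless HS256 JWT carrying the user ID and an expiry."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user_id, "exp": now + ACCESS_TTL}).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_access(token: str, now: int):
    """Return the user ID, or None if the token is forged, malformed or expired."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(header + "." + body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        return claims["sub"] if now < claims["exp"] else None
    except (ValueError, KeyError, TypeError):
        return None

def login(user_id: int, now: int):
    """Issue an access token plus an opaque refresh token remembered server side."""
    refresh = secrets.token_urlsafe(32)
    refresh_store[hashlib.sha256(refresh.encode()).hexdigest()] = user_id
    return issue_access(user_id, now), refresh

def refresh_access(presented: str, now: int):
    """New access token only for a refresh token the server still knows."""
    user_id = refresh_store.get(hashlib.sha256(presented.encode()).hexdigest())
    return None if user_id is None else issue_access(user_id, now)

def revoke(refresh: str) -> None:
    """Logout or theft response: forget the refresh token."""
    refresh_store.pop(hashlib.sha256(refresh.encode()).hexdigest(), None)
```

A copied access token stops verifying once `exp` passes and cannot be exchanged for a new one, while the refresh token is only ever sent to the refresh endpoint and stops working as soon as the server revokes it.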