Refresh and Access tokens #443
Unanswered
cloudcompute
asked this question in
Q&A
Replies: 1 comment
-
People turned to JWT and other solutions so you would store anything on the server. No "stickiness" between client and server... so any server can process the request and you can scale servers more easily... since they are agnostic. JWT has a payload that disallows third-party tampering... so that helps the server recognize who it is communicating with. Whether it is sent by request header or protected cookie... there are a lot of opinions regarding that. The server parses and just verifies the JWT.
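The stateless check described in the comment above, as an added example that is not part of the original discussion or the project's code. It assumes HS256 with one secret shared by every server, a `type` claim to tell the two tokens apart, and 15-minute and 30-day lifetimes; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"        # assumption: same HS256 key on every server
ACCESS_TTL, REFRESH_TTL = 900, 30 * 86400  # assumed lifetimes in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify(token: str, expected_type: str, now=None) -> dict:
    """Stateless check: signature, token type, expiry. No session lookup."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_unb64(head)).get("alg")
        given = _unb64(sig)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # never let the token choose its own algorithm
        raise ValueError("unexpected algorithm")
    want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))  # parsed only after the signature checks out
    if claims.get("type") != expected_type:
        raise ValueError("wrong token type")
    if claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def login(user_id: str, now: float) -> dict:
    """Both tokens go to the client; the server keeps nothing."""
    return {"access": sign({"sub": user_id, "type": "access", "exp": now + ACCESS_TTL}),
            "refresh": sign({"sub": user_id, "type": "refresh", "exp": now + REFRESH_TTL})}

def refresh(refresh_token: str, now: float) -> str:
    claims = verify(refresh_token, "refresh", now)
    return sign({"sub": claims["sub"], "type": "access", "exp": now + ACCESS_TTL})

def tamper(token: str, **changes) -> str:  # constructed input: edited payload, old signature
    head, body, sig = token.split(".")
    claims = {**json.loads(_unb64(body)), **changes}
    return f"{head}.{_b64(json.dumps(claims).encode())}.{sig}"
```

`verify` needs only the secret, so any server instance can run it; an edited payload fails with `bad signature` because the MAC no longer matches.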
-
In the code I am seeing that the refresh tokens are not stored on the server-side and instead, both of them are sent to the front end when a user signs up or signs in. Why is this so?
Could anyone help me explain the entire flow relating to the refresh and access tokens from Sign Up, Login, Authenticated requests to the server, and Logout? An example will really help.
Is there no need to use the cookies? What do we need to do when a user logs out?
Thanks in anticipation