What is the difference between access and refresh tokens?


What are tokens?

Tokens are pieces of data that carry just enough information to facilitate the process of determining a user's identity or authorizing a user to perform an action. Tokens allow an application to perform the authentication and authorization process.

As a starting point, a new developer only needs to know that an access token is short-lived, whereas a refresh token is long-lived.

Access tokens are temporary credentials that grant access to protected resources, whereas refresh tokens are used to obtain a new access token once the current access token has expired.

When a user logs in to their account, they receive both an access token and a refresh token. The access token is used to authenticate API requests to the application's protected resources, whereas the refresh token is stored in the database. It is used to obtain a new access token once the current one has expired.

To exchange a refresh token for a new access token, the application sends the refresh token to the authorization server along with any required authentication credentials, such as client ID and client secret. The authorization server validates the refresh token and issues a new access token if the refresh token is valid and the client credentials are authenticated successfully.
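The exchange described above can be sketched as a small in-memory authorization server. This is an added example, not code from the original article: the class, method names, and lifetimes are hypothetical, and storing only a hash of the refresh token in the database is an assumption beyond what the article states.

```python
import hashlib, hmac, secrets, time

ACCESS_TTL = 300            # access token: short-lived (5 minutes, assumed value)
REFRESH_TTL = 30 * 86400    # refresh token: long-lived (30 days, assumed value)

class AuthServer:
    """In-memory stand-in for an authorization server (all names hypothetical)."""

    def __init__(self, clients):
        self.clients = clients      # client_id -> client_secret
        self.refresh_db = {}        # sha256(refresh token) -> (client_id, user, expiry)
        self.access = {}            # access token -> (user, expiry)

    @staticmethod
    def _digest(token):
        # Assumption: keep only a hash so a leaked database holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue_access(self, user, now):
        token = secrets.token_urlsafe(32)
        self.access[token] = (user, now + ACCESS_TTL)
        return token

    def login(self, client_id, user, now=None):
        # On login the user receives both tokens; the refresh token is recorded.
        now = time.time() if now is None else now
        refresh = secrets.token_urlsafe(32)
        self.refresh_db[self._digest(refresh)] = (client_id, user, now + REFRESH_TTL)
        return self._issue_access(user, now), refresh

    def refresh(self, client_id, client_secret, refresh_token, now=None):
        now = time.time() if now is None else now
        expected = self.clients.get(client_id, "")
        # Authenticate the client first, using a constant-time comparison.
        if not expected or not hmac.compare_digest(expected.encode(), client_secret.encode()):
            raise PermissionError("invalid_client")
        record = self.refresh_db.get(self._digest(refresh_token))
        # The refresh token must exist, belong to this client, and be unexpired.
        if record is None or record[0] != client_id or now >= record[2]:
            raise PermissionError("invalid_grant")
        return self._issue_access(record[1], now)

    def check_access(self, token, now=None):
        # Called by the protected API: returns the user, or None if unknown or expired.
        now = time.time() if now is None else now
        user, expiry = self.access.get(token, (None, 0))
        return user if now < expiry else None
```

The `now` parameter exists only so token expiry can be exercised without waiting; a caller normally omits it.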

Written by: Deepak Kumar

link: https://youtu.be/L2_gIrDxCes?si=o2ZEFTffb8EH_2RX