JWT Refresh tokens explained

preview_player
Показать описание
Here is a summary on what is the purpose of using JWT refresh tokens, how they are generated and used in micro-services oriented architectures. We will also discuss the security implications of storing JWT, and how they can be implemented inside of REST APIs.

Support on Patreon:

----------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------
  1. Nevyan Neykov
  2. jwt
  3. JSON web tokens
  4. refresh tokens
Рекомендации по теме
JWT Refresh tokens 0:04:06

JWT Refresh tokens explained

What is a 0:04:53

What is a Refresh Token and why your REST API needs it?

JWT Refresh token 0:03:29

JWT Refresh token

Session vs Token 0:02:18

Session vs Token Authentication in 100 Seconds

Why Refresh Token? 0:02:15

Why Refresh Token? - 2 min. OAuth #4

What are JWT 0:09:18

What are JWT Access token & Refresh token and why we need them? | Understanding JWT Tokens...

JWT Authentication Tutorial 0:27:36

JWT Authentication Tutorial - Node.js

Spring Boot Security 0:33:27

Spring Boot Security - JWT Refresh Token Explained In Details | JavaTechie

Refresh Token Rotation 0:48:28

Refresh Token Rotation With Next-Auth V5 || Managing Tokens With A Custom Backend

How to Store 0:08:28

How to Store JWT for Authentication

Why is JWT 0:05:14

Why is JWT popular?

What Is JWT 0:14:53

What Is JWT and Why Should You Use JWT

What is the 0:03:19

What is the difference between Access Tokens & Refresh Tokens? OAuth 2.0 & OIDC (OpenID Conn...

The difference between, 0:02:11

The difference between, ID, access, refresh, and session tokens? | One Dev Question: Hirsch Singhal

JWT refresh tokens 0:05:50

JWT refresh tokens security

JWT Refresh Token 0:18:40

JWT Refresh Token | Node.js Tutorial

ASP.NET and JWT 0:30:43

ASP.NET and JWT Refresh Tokens

JWT Authentication with 0:37:16

JWT Authentication with Access Tokens & Refresh Tokens - Node.js

Refresh Tokens with 0:25:41

Refresh Tokens with a .NET 6 Web API 🚀

Difference between cookies, 0:11:53

Difference between cookies, session and tokens

How Does JWT 0:11:27

How Does JWT Authentication Work? (JSON Web Token) | Tokens vs Sessions

OAuth 2.0 - 0:13:25

OAuth 2.0 - Refresh Token

Refresh Token Rotation 0:35:08

Refresh Token Rotation and Reuse Detection in Node.js JWT Authentication

JWT Refresh Token 0:33:13

JWT Refresh Token in ASP.Net Core (a deep dive)

Комментарии
Автор

Can you explain some details about the "start of countdown: from point 5. If my client is say some javascript does this mean I just start a setTimeout function with value equal to the jwt token expiry seconds? Or is there any other technique for issuing this silent refresh? The second solution I can think of is somehow if you try to make a request with an expired jwt token, then the actual silent refresh is issued, but is there any security issues with this approach? Please explain about the countdown.

dobromirbrezoev
Автор

why do you need to persist data in the auth server instead of trusting in jwt signature ?

nacholopez
Автор

So if I am using Google Auth for this my server side token logic is handled by Google right?

codaq
Автор

how to manage refresh_tokens for multiple devices of same user ?

sagar
Автор

can you plis make tutorial for laravel 8 for role and permissions, thanks

yuliarahma
Автор

Do I really need to save the refresh tokens? Can't I just verify the token on the backend and if it's expired or not the same user ID then cancel the refresh and log out?

RedstoneHair
Автор

So basically the refresh token is a regular token that requires a lookup on a database every time and the access token is a JWT that never requires a database lookup right?

Mal-nfsp
Автор

Doesn't it defeat the purpose of the TTL of the secured token

mtvmango
Автор

So what is the purpose of access token ? why not use refresh token directly

mahmodsamir