Details about Tokens


Have I seen it before? 🤔
Let's understand it with a real-world example. Suppose you are logging in to a bank application. If your credentials are correct, your bank details are shown to you. After some transactions you close the app, and later you want to do some more operations, so you open the bank application again. This time you see that it asks for the same credentials that you gave before. Now suppose you log in to a social media app and do the same thing. This time you will notice that there is no need to log in again. What differentiates these two situations is tokens. Let's learn...
Types of tokens
There are mainly two types of web tokens:
1. Refresh Token
2. Access Token
Access Token
When you log in to any web application, an Access Token is given to you as a cookie, which authorizes you to access the information. These Access Tokens are mainly stored in the header of the cookie, and the cookie is stored on your local machine. Access Tokens are generally very short-lived. The procedure is simple: whenever you log in to a website, if your credentials are correct, the server returns a token that lets you access the web page. That's it. I have used the word "log in" here, but in real cases it doesn't matter whether you are signing up or logging in.
Refresh Token
As discussed above, Access Tokens are generally very short-lived. This causes an irritating problem: you have to log in again whenever you open the app. To solve this problem, Refresh Tokens come in. They are stored on the client side (as a cookie in local storage) and on the server side (in the database). The procedure is simple: whenever your Access Token has expired and you try to log in, the server matches your Refresh Token against the Refresh Tokens that exist in the database. If your Refresh Token is present in the database, the server gives you a newly generated Access Token and Refresh Token. Refresh Tokens are generally very long-lived.
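The refresh procedure described above, as an added example that is not code from the original post or from the course it credits. The function names, the lifetimes, the HMAC-signed access token format and the in-memory `Map` standing in for the database are all assumptions made for illustration.

```javascript
// Added example: in-memory stand-ins for a real database and secret store.
const crypto = require("node:crypto");

const ACCESS_SECRET = crypto.randomBytes(32);      // constructed key, new per process
const ACCESS_TTL_MS = 15 * 60 * 1000;              // short-lived (assumed: 15 minutes)
const REFRESH_TTL_MS = 10 * 24 * 60 * 60 * 1000;   // long-lived (assumed: 10 days)
const refreshStore = new Map();                    // sha256(token) -> { userId, expiresAt }

const b64 = (buf) => Buffer.from(buf).toString("base64url");
const sign = (data) => b64(crypto.createHmac("sha256", ACCESS_SECRET).update(data).digest());
const hash = (token) => crypto.createHash("sha256").update(token).digest("hex");

// Issue both tokens; only a hash of the refresh token is kept server side.
function issueTokens(userId, now = Date.now()) {
  const payload = b64(JSON.stringify({ sub: userId, exp: now + ACCESS_TTL_MS }));
  const accessToken = `${payload}.${sign(payload)}`;
  const refreshToken = b64(crypto.randomBytes(32));
  refreshStore.set(hash(refreshToken), { userId, expiresAt: now + REFRESH_TTL_MS });
  return { accessToken, refreshToken };
}

// Returns the user id for a valid, unexpired access token, otherwise null.
function verifyAccess(accessToken, now = Date.now()) {
  const [payload, sig] = String(accessToken).split(".");
  if (!payload || !sig) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
  return claims.exp > now ? claims.sub : null;
}

// Match the presented refresh token against the store, then rotate it.
function refresh(refreshToken, now = Date.now()) {
  const key = hash(String(refreshToken));
  const record = refreshStore.get(key);
  if (!record) return null;               // unknown, or already used once
  refreshStore.delete(key);               // single use: the old token is revoked
  if (record.expiresAt <= now) return null;
  return issueTokens(record.userId, now); // new Access Token and new Refresh Token
}
```

Because each refresh deletes the old entry, a refresh token that is presented a second time no longer matches anything in the store and is rejected.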
  • Difference between Access and Refresh Tokens

| Access Tokens | Refresh Tokens |
| --- | --- |
| Stored only at client side. | Stored at both the ends. |
| Short-lived | Long-lived |
| Encoded | Encoded |
| We can be authorized by Access Tokens. | We cannot be authorized by Refresh Tokens, but using them we can generate new Access Tokens. |

Special Thanks to Hitesh Choudhary sir☺ #chaibackend
