Curious about how ๐๐ช๐ง ๐๐๐๐ต๐ฒ๐ป๐๐ถ๐ฐ๐ฎ๐๐ถ๐ผ๐ป + ๐ฆ๐ฝ๐ฟ๐ถ๐ป๐ด ๐ฆ๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ works?
It's a three step process:
โข Client hits a requests , which gets authenticated and a JWT token gets created using spring security prebuild encryptor and library along with some of our manual configs.
โข Once JWT tokens (acces_token + refresh_token ) gets created they are send back to the UI which persist those tokens somewhere locally on client or preferably on servers.
โข Then UI hits backs the request along with JWT token, and gets successfully served with the required API response.
This happens in fraction of time that it's not noticable to user.
These 2 above specified tokens namely access_token and refresh_token has limited lifespans , which is encrypted in the token itself.
lifespan of access_token<<refresh_token
Once access_token gets expired it(UI) requests for new access_token to backend using refresh_token.
Refresh_token too have limited lifespan typically around a month or year as per need.
Once refresh_token gets expired , used is asked to relogin to the system hence following the above lifecycle again and again.
Wanna checkout how actual code of it using spring security looks like??
Then checkout my below Github repository: