I have a few questions about the access token and the refresh token that my server will create.
I have a website and for logged-in users, I will use a JavaScript framework and a lot of HTTP requests to my API.
If I understood correctly, when my server creates an access token and a refresh token after a successful login, I will return these 2 tokens in JSON? Am I right?
And then, the front end (JavaScript framework) will store these 2 tokens, and on every HTTP request, the front end will send the access token in the header bearer, is that right?
Last question, if a logged member closes his browser and a few hours later he returns to the site, do I get the access token from the cookies?
Is this the way to automatically connect a member who is already connected?
Thank you so much! Have a great day
CodePudding user response:
When you create an access token and a refresh token after a successful login, I will return these 2 tokens in JSON. Yes! In addition to this, if the user logs in then you have to store the token in sessionStorage, or you can also prefer localStorage for the same.
On every HTTP request, the front end will send the access token in the header bearer. Yes.
Answer to your last question, if a logged member closes his browser and a few hours later he returns to the site, do I get the access token from the cookies. Then you have to check token expiration every time the user visits the website, to see whether the token is expired or not. Thanks!!
Note: For this purpose you can use an HTTP interceptor: https://www.thirdrocktechkno.com/blog/how-to-integrate-interceptor-in-angular-9/
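
An added example, not part of the answer above: a framework-independent `fetch` wrapper that plays the interceptor role, sending the access token as a bearer header and, when the API answers 401, using the refresh token once before retrying. The refresh endpoint path, the JSON field names and the helper names are assumptions, not something the question or answer specifies.

```javascript
// Added example: bearer-token "interceptor" around fetch with one refresh-and-retry.
// Assumed names (not from the page): /api/token/refresh, access_token, refresh_token.
function createAuthFetch({ store, fetchImpl = globalThis.fetch, refreshUrl = "/api/token/refresh" }) {
  let refreshing = null; // shared promise so parallel 401s trigger a single refresh

  async function refreshTokens() {
    const refreshToken = store.get("refresh_token");
    if (!refreshToken) throw new Error("login required");
    const res = await fetchImpl(refreshUrl, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ refresh_token: refreshToken }),
    });
    if (!res.ok) {
      // Refresh token expired or revoked: drop both tokens and force a new login.
      store.remove("access_token");
      store.remove("refresh_token");
      throw new Error("login required");
    }
    const body = await res.json();
    store.set("access_token", body.access_token);
    // Keep the rotated refresh token if the server issues one.
    if (body.refresh_token) store.set("refresh_token", body.refresh_token);
  }

  function send(url, options) {
    const headers = { ...(options.headers || {}) };
    const token = store.get("access_token");
    if (token) headers.Authorization = `Bearer ${token}`;
    return fetchImpl(url, { ...options, headers });
  }

  return async function authFetch(url, options = {}) {
    const res = await send(url, options);
    if (res.status !== 401) return res;
    // Access token rejected: refresh once, then retry the original request once.
    refreshing = refreshing || refreshTokens().finally(() => { refreshing = null; });
    await refreshing;
    return send(url, options);
  };
}

// In-memory store; values in localStorage/sessionStorage are readable by any script on the page.
function memoryStore(initial = {}) {
  const m = new Map(Object.entries(initial));
  return { get: (k) => m.get(k), set: (k, v) => m.set(k, v), remove: (k) => m.delete(k) };
}
```

Call `authFetch` only for your own API's URLs, since it attaches the token to whatever URL it is given.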