Middleware or separate route to refresh JWT token?

Time:07-24

I'm currently trying to implement a JWT access/refresh token auth in my application.

Most people seem to have a dedicated POST route for refreshing the access token. Why would you not want to refresh the token in the middleware if the access token is expired?

CodePudding user response:

There are a few different application roles which may influence how you code things:

WEB API

REST APIs simply receive JWT access tokens, validate them and return a 401 if the JWT fails validation, e.g. if the token is expired. The API knows nothing about the client's OAuth details and never receives a refresh token. See this code.

CLIENT UI

Some types of UI application, e.g. mobile apps, use refresh tokens and implement their own token refresh, as in this code:

  • When a 401 is received from an API
  • Try to refresh the access token
  • Then retry the API call

WEB BACK END

If a web back end receives an access token from a JavaScript app and receives a 401 upon validating it, then the web back end can perform the refresh token step itself. This is because the web back end acts as the OAuth client and, unlike APIs, has access to the client ID and secret.
