Home > Enterprise >  Issue with JWT token multiple simultaneously refresh with Refresh token
Issue with JWT token multiple simultaneously refresh with Refresh token

Time:05-16

Tools: .NET 6 with EF Core, Vue 3 with Axios.

R-Token is Refresh Token. DB is database.

I have simple implementation of JWT Refresh Token auth.

  1. Client send Login & Password.
  2. Check password hash in DB.
  3. If OK, generate JWT token (short lifetime, 1-5 min) and Refresh Token (long lifetime, 365 days) which save to DB.
  4. Client make requests with JWT.
  5. When Axios interceptor gets 401, then try to refresh tokens with generated below Refresh Token.
  6. Used Refresh token deletes from DB, if application cant find R-Token in DB it responses 403.
  • Related