


In this article, I am going to discuss how to implement Refresh Token in Web API by validating the clients, and I will also discuss how to persist the refresh token into a database. Please read the following two articles before proceeding to this article, as we are going to use the same example that we worked with in our previous two articles.

Token Based Authentication in Web API: In this article, we discussed how to implement and use Token Based Authentication in Web API.

Client Validation in Token Based Authentication: In this article, we discussed how to validate the clients while generating the token in Web API.

What is a Refresh Token?

A Refresh Token is a special kind of token that can be used to obtain a new, renewed access token, which allows access to the protected resources. You can request new access tokens by using the Refresh Token in Web API until the Refresh Token is blacklisted.

The idea of using the refresh token is to issue a short-lived access token (up to 30 minutes) the first time, then use the refresh token to obtain a new access token, and use that access token to access the protected resources. So, the user needs to provide the username and password along with the client info (i.e. the client id and client secret) to authenticate himself, and if the information provided by the user is valid, a response containing a short-lived access token along with a long-lived refresh token gets generated. The refresh token is not an access token; it is just an identifier for the access token. Once the access token has expired, the user can use the refresh token to obtain another short-lived access token, and so on.

Now, you may have one question in your mind. Why are we not issuing a long-lived access token the first time? Let's discuss why not a long-lived access token, or what the advantages of using a refresh token in Web API are.

Mainly, there are three main reasons to use refresh tokens, as follows.

As we already discussed, access tokens are self-contained tokens, meaning they contain all the information (known as claims) of an authenticated user once the access token is generated. Now, if we issue a long-lived access token, let's say for example 1 month, for a user, let's say "Anurag", and let's say the user "Anurag" is enrolled with the role "Users" at the moment.
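The refresh-token flow described in this article, sketched in C# as an added example that is not code from the article itself: the refresh token is a random opaque identifier, persisted server-side with its user, client and expiry, and redeemable only by the client it was issued to until it expires or is blacklisted. The class and member names, the in-memory dictionary standing in for the database table, and the choice to store only a SHA-256 hash of the token are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical row of the refresh-token table (names are assumptions for this example).
class RefreshTokenRow { public string UserName, ClientId; public DateTime ExpiresUtc; public bool Blacklisted; }

class RefreshTokenStore
{
    // In-memory stand-in for the database table, keyed by the SHA-256 hash of the token.
    private readonly Dictionary<string, RefreshTokenRow> _rows = new Dictionary<string, RefreshTokenRow>();

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    // Call only after username/password and client id/secret have been validated.
    public string Issue(string userName, string clientId, TimeSpan lifetime, DateTime nowUtc)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string token = Convert.ToBase64String(bytes); // opaque identifier, carries no claims
        _rows[Hash(token)] = new RefreshTokenRow { UserName = userName, ClientId = clientId, ExpiresUtc = nowUtc + lifetime };
        return token;
    }

    public void Blacklist(string token) { if (_rows.TryGetValue(Hash(token), out var row)) row.Blacklisted = true; }

    // Returns the user to mint a new short-lived access token for, or null to reject.
    public string Redeem(string token, string clientId, DateTime nowUtc)
    {
        if (!_rows.TryGetValue(Hash(token), out var row)) return null;
        bool ok = !row.Blacklisted && row.ExpiresUtc > nowUtc && row.ClientId == clientId;
        return ok ? row.UserName : null;
    }
}

class Program
{
    static void Main()
    {
        var store = new RefreshTokenStore(); var now = DateTime.UtcNow;
        string rt = store.Issue("Anurag", "client-1", TimeSpan.FromDays(7), now); // constructed sample values
        Console.WriteLine(store.Redeem(rt, "client-1", now) ?? "rejected"); // redeemed by the owning client
        Console.WriteLine(store.Redeem(rt, "client-2", now) ?? "rejected"); // presented by a different client
        store.Blacklist(rt);
        Console.WriteLine(store.Redeem(rt, "client-1", now) ?? "rejected"); // presented after blacklisting
    }
}
```

Because the access token is re-minted on every redemption, the server can read the user's current roles at that point instead of trusting claims frozen into a long-lived token.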

