javascript - some questions about refresh tokens
Problem description
I have some questions (more so confusions) about the use and/or the reason behind refresh tokens when I'm using jsonwebtokens. NOTE: I have read so many answers on Stack Overflow about this but I'm still confused, so please don't just link me to some other answer.
Firstly, why is it even needed? I fully understand the whole thing about short-lived access tokens and long-lived refresh tokens that are used to acquire new access tokens, but then I feel like that leaves the refresh token just as vulnerable, and maybe more than normal access tokens.
Secondly, I hear people saying stuff about how the resource server cares about the access token and the authorization server cares about the refresh token, but I have 1 server, just an API that I'm using JWTs to authorize and authenticate with.
Also, yes, I do understand that it's a better experience for the user because they can stay logged in for longer etc., but the question still arises: why not just make the access token last a long time?
I guess my question boils down to: why exactly are they needed / used, and what makes them more secure than just using access tokens?
Now, I have actually implemented refresh tokens and still these questions come up. I don't know if I'm just slow, but it's quite confusing to me and there don't seem to be very clear explanations about the "why" on the internet.
Any help / explanation would be GREATLY appreciated. I'm just trying to wrap my head around the "why" of this because I can implement it all day, but if I don't understand it I will forever be left puzzled about why in the world I'm doing what I'm doing.
Solution