Tokens: What Are Tokens? What Is The Difference Between Refreshing Token And Access Token?
Tokens are purpose-built pieces of data that carry the information needed either to authorize a user to perform an action or to let the client obtain information about the authorization. In short, the client holds a token and presents it to get access to resources. JWT (JSON Web Token) defines a standard way to represent common token information. The access token and the refreshing token are explained below.
Types of Tokens:
There are basically two types of tokens: the access token and the refreshing token (commonly called a refresh token).
Access Token: These tokens carry the information required to access resources directly. In other words, when a client passes an access token to a server, the server can read the information in that token and use it to check whether the client is authorized. Access tokens are usually short-lived and have an expiration date.
Refreshing Token: These tokens carry the information required to obtain a new access token, that is, to renew the access token. They are used whenever an access token needs to be refreshed or a new one issued by the authentication server. Generally, when an old access token expires, the refreshing token supplies the necessary information and a new access token is generated. Refreshing tokens also expire, but they are long-lived, and they are subject to blacklisting by the authorization server.
In the common implementation, authorization checks are made directly against the access token. Splitting authorization between the access token and the refreshing token is a way of handling three aspects of the authorization check:
- It improves the access pattern against the authorization server: the load is lower and the check is faster.
- Sliding session: This is a session that expires after a period of inactivity. In other words, when there is no activity, the session expires by itself after a while.
- The access token expires quickly, which reduces the chance of a leaked token being usable.
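The three points above, shown in Python as an added example that is not code from the original article. It uses a simplified HMAC-signed token rather than a full JWT; the lifetimes, the shared signing key, and the names AuthServer and check_access are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

SIGNING_KEY = secrets.token_bytes(32)              # constructed demo key (assumed shared with the resource server)
ACCESS_TTL, REFRESH_IDLE_TTL = 300, 7 * 24 * 3600  # assumed lifetimes, in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest())

class AuthServer:
    def __init__(self):
        self.refresh_store = {}  # refreshing token -> {"sub", "last_used"}
        self.blacklist = set()   # revoked refreshing tokens

    def _access_token(self, sub, now):
        payload = _b64(json.dumps({"sub": sub, "exp": now + ACCESS_TTL}).encode())
        return f"{payload}.{_sign(payload)}"

    def login(self, sub, now):
        refresh = secrets.token_urlsafe(32)  # opaque, long-lived, stored server-side
        self.refresh_store[refresh] = {"sub": sub, "last_used": now}
        return self._access_token(sub, now), refresh

    def refresh(self, refresh, now):
        entry = self.refresh_store.get(refresh)
        if entry is None or refresh in self.blacklist:
            raise PermissionError("unknown or blacklisted refreshing token")
        if now - entry["last_used"] > REFRESH_IDLE_TTL:
            raise PermissionError("session expired after inactivity")
        entry["last_used"] = now  # sliding session: activity extends the window
        return self._access_token(entry["sub"], now)

    def revoke(self, refresh):
        self.blacklist.add(refresh)

def check_access(token, now):
    """Resource-server check: local signature and expiry test, no auth-server call."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(payload)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except (ValueError, TypeError):
        return None
    return claims["sub"] if now < claims["exp"] else None
```

Blacklisting a refreshing token stops new access tokens from being issued, but an access token already handed out keeps passing check_access until its expiry, which is why the access token lifetime is kept short.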