DEV Community

Discussion on: NextJS Auth With Prisma And Refresh Tokens (JWT)

Collapse
 
2color profile image
Daniel Norman

That's correct.

As far as I know, If you're rolling your own authentication, a session token in an HttpOnly cookie should suffice.

The main reason to separate the access and refresh token is in cases where you need access to the token on the client side, e.g. to make requests from an iFrame or in situations where you don't have access to the cookies.