DEV Community

Discussion on: How to know if oauth2.0 authentication setup might be an overkill?

chandlerbing016
Sumit Wadhwa Author

Alright. So, if an existing JWT access token is about to expire, it should be refreshed with a new one ON the server. The client can expect a refreshed token on any response and, once received, must replace the old token.

But, why do that? What's the point? How's that secure?

Can you also please point me to some articles?
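The server-side refresh described in the comment above, sketched as an added example that is not part of the original discussion. It assumes HS256 tokens built with the standard library only; the key, the lifetimes and the `X-Refreshed-Token` response header name are constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret
TTL = 900              # assumed access-token lifetime, seconds
REFRESH_WINDOW = 300   # assumed: refresh once this little lifetime remains

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header, body):
    return hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue(sub, now):
    """Mint a signed token for `sub` that expires TTL seconds after `now`."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "iat": now, "exp": now + TTL}).encode())
    return f"{header}.{body}.{_b64(_sign(header, body))}"

def verify(token, now):
    """Return the claims if the signature is valid and the token is unexpired."""
    try:
        header, body, sig = token.split(".")
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(_sign(header, body), _unb64(sig)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return None
    return claims if now < claims.get("exp", 0) else None

def handle_request(token, now):
    """Return (status, response_headers) for one authenticated request."""
    claims = verify(token, now)
    if claims is None:
        return 401, {}  # expired or forged tokens are never refreshed
    headers = {}
    if claims["exp"] - now <= REFRESH_WINDOW:
        # Hypothetical header; the client replaces its stored token with this.
        headers["X-Refreshed-Token"] = issue(claims["sub"], now)
    return 200, headers
```

Only a token that still verifies is exchanged, so the refresh extends a live session and an expired or altered token gets a 401.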


devdrake0

The answers to those questions could be its own article, so I'd urge you to do some research on the topic and come back with specific questions :)