Alright. So, if an existing JWT access token is about to expire, it should be refreshed with a new one ON the server. The client can expect a refreshed token on any response and, once received, must replace the old token.
But, why do that? What's the point? How's that secure?
Can you also please point to some articles?
Thanks.
The answers to those questions could be its own article, so I'd urge you to do some research on the topic and come back with specific questions :)
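The server-side refresh described in the question, sketched as an added example that is not part of the original posts: the server verifies the token on every request and attaches a new one only when the old one is close to expiry. The HS256 helper, the constants, the function names and the `auth_time`-based absolute session cap are assumptions made for illustration; the cap is there because a sliding refresh without one lets a stolen token be kept alive indefinitely.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed value; use a managed secret in practice
TTL = 900                # assumed access-token lifetime, seconds
REFRESH_WINDOW = 300     # assumed: reissue when less than this remains
MAX_SESSION = 8 * 3600   # assumed absolute cap counted from the original login

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(sub: str, now: int, auth_time: int) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "auth_time": auth_time, "iat": now, "exp": now + TTL}
    body = f"{header}.{_b64(json.dumps(claims).encode())}"
    return f"{body}.{_sign(body)}"

def verify(token: str, now: int) -> dict:
    """Return the claims, or raise ValueError if the token is forged or expired."""
    header, payload, sig = token.split(".")
    # The MAC is always computed as HMAC-SHA256, whatever the header claims.
    if not hmac.compare_digest(_sign(f"{header}.{payload}").encode(), sig.encode()):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload))
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims

def handle_request(token: str, now: int):
    """Server side: authenticate, then decide whether to attach a fresh token."""
    claims = verify(token, now)
    near_expiry = claims["exp"] - now < REFRESH_WINDOW
    session_ok = now - claims["auth_time"] < MAX_SESSION
    refreshed = None
    if near_expiry and session_ok:
        # auth_time is carried over, so refreshing never extends the absolute cap.
        refreshed = issue(claims["sub"], now, claims["auth_time"])
    return claims, refreshed  # the client replaces its token when refreshed is set
```

An expired or tampered token is rejected before the refresh decision is reached, so only a caller that already holds a valid token can obtain the next one.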