DEV Community

Discussion on: API Authentication Workflow with JWT and Refresh Tokens

chanlito

How should mobile authentication be different?

Gökay Okyay Author

Hey! Sorry for the late reply.
Actually, it's very similar except for the refresh token part. In mobile apps, the APIs that the mobile OS provides us differ; therefore, we can change the structure of our JWT and refresh token. For example, if your app is doing something critical, you'll probably want to make your JWTs short-lived, say 5 minutes, and make your refresh token a JWT (which will live longer). Or, if your app is not doing something critical, you may want your JWT to live longer than 30 minutes. But the idea is the same :)
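
A server-side sketch of the split described in the reply above, added here as an example and not code from the original post or article: a 5-minute access JWT plus a longer-lived refresh JWT, each accepted only for its own purpose. The `use` claim, the function names, the secret and the 30-day refresh lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed value; keep real keys in a secret store
ACCESS_TTL = 5 * 60                  # 5 minutes, as in the reply above
REFRESH_TTL = 30 * 24 * 3600         # assumption: 30 days (the reply only says "longer")

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    # The verifier always uses HMAC-SHA256; it never trusts the header's "alg".
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, use: str, ttl: int, now: int) -> str:
    """Mint an HS256 JWT; "use" (hypothetical claim) marks it access or refresh."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "use": use, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_sign(f'{header}.{body}'))}"

def verify(token: str, use: str, now: int) -> dict:
    """Check signature first, then intended use, then expiry."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{header}.{body}"), _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise PermissionError(f"invalid token: {exc}") from None
    if claims.get("use") != use:
        # Stops a long-lived refresh token from being replayed as an access token.
        raise PermissionError("wrong token type")
    if now >= claims.get("exp", 0):
        raise PermissionError("token expired")
    return claims

def refresh(refresh_token: str, now: int) -> str:
    """Exchange a valid refresh JWT for a new short-lived access JWT."""
    claims = verify(refresh_token, "refresh", now)
    return issue(claims["sub"], "access", ACCESS_TTL, now)
```

A self-contained refresh JWT like this cannot be revoked before it expires unless the server also tracks issued or revoked tokens.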