DEV Community

Trương Đình Chiến

Should I revoke the refresh token when getting a new access token?

I have an API that gets a new access token from a refresh token, but I wonder: should I revoke the refresh token and generate a new refresh token when getting a new access token?

Case 1: api/refresh token => {new_access_token,new_refresh_token} (refresh_token revoked)

Case 2: api/refresh token => {access_token} (refresh_token not revoked)

What is the best practice? I'm using NestJS.

Top comments (1)

Wahyu Kristianto

It is generally recommended to revoke the refresh token when issuing a new access token and refresh token pair. This ensures that the previous refresh token cannot be used to get a new access token if it has been compromised.
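
Case 1 from the question, handled the way the comment recommends, as an added TypeScript example that is not part of the original post or comment. It goes one step beyond the comment by also revoking every token descended from the same login when an already-rotated refresh token is presented again. The in-memory store, the function names and the 7-day lifetime are assumptions for illustration.

```typescript
// Added example: refresh-token rotation (Case 1) with reuse detection.
import { createHash, randomBytes } from "node:crypto";

interface RefreshRecord { userId: string; familyId: string; revoked: boolean; expiresAt: number; }
interface TokenPair { accessToken: string; refreshToken: string; }

// Hypothetical in-memory store keyed by the SHA-256 of the token, so the raw
// refresh token is never persisted. A real service would use a database.
const store: Record<string, RefreshRecord> = {};
const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000; // assumed 7-day lifetime

const sha256 = (t: string): string => createHash("sha256").update(t).digest("hex");
const newToken = (): string => randomBytes(32).toString("hex");

function issue(userId: string, familyId: string, now: number): TokenPair {
  const refreshToken = newToken();
  store[sha256(refreshToken)] = { userId, familyId, revoked: false, expiresAt: now + REFRESH_TTL_MS };
  // Placeholder access token; a real service would sign a short-lived JWT here.
  return { accessToken: newToken(), refreshToken };
}

// Login starts a new token family; every rotation stays inside that family.
function login(userId: string, now: number = Date.now()): TokenPair {
  return issue(userId, newToken(), now);
}

function refresh(presented: string, now: number = Date.now()): TokenPair {
  const rec = store[sha256(presented)];
  if (!rec || rec.expiresAt <= now) throw new Error("invalid_grant");
  if (rec.revoked) {
    // An already-rotated token was presented again: either the client or
    // someone else holds a stale copy, so revoke the whole family.
    Object.keys(store).forEach((k) => {
      if (store[k].familyId === rec.familyId) store[k].revoked = true;
    });
    throw new Error("invalid_grant");
  }
  rec.revoked = true; // Case 1: the old refresh token dies on use
  return issue(rec.userId, rec.familyId, now);
}
```

In a NestJS service the same logic would sit behind the refresh endpoint, with the record update and the new insert done in one database transaction so two concurrent requests cannot both rotate the same token.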
