Token-Refresh (EN)

Concept

A strategy for obtaining a new, short-lived access token by presenting a long-lived refresh token to the authorization server, so the user does not have to authenticate again each time the access token expires.

Token-Refresh Process

The exchange is usually triggered after the resource server rejects an expired access token (HTTP 401). The client then sends only the refresh token (plus its client credentials, if it has any) to the token endpoint; the expired access token is not part of the request.

```mermaid
sequenceDiagram
    participant Client
    participant Auth Server
    participant Resource Server

    Client->>Auth Server: 1. Token request with Refresh Token (grant_type=refresh_token)
    Auth Server->>Auth Server: 2. Verify Refresh Token (known, not expired, not revoked)
    alt Token valid
        Auth Server->>Auth Server: 3. Issue new Access Token (with rotation: also a new Refresh Token)
        Auth Server->>Client: 4. Return new Access Token
        Client->>Resource Server: 5. Use new Access Token
        Resource Server->>Client: 6. Access granted
    else Token invalid
        Auth Server->>Client: 4. Error: invalid_grant
        Client->>Client: 5. Force re-authentication
    end
```

In Context

  • Typically used together with OAuth 2.0 (the refresh_token grant) and JWT access tokens
  • Related to: Access Token, Refresh Token, JWT, OAuth 2.0
  • Example use: single-page applications with long user sessions and short-lived access tokens
  • Practitioner's caveat: a refresh token is a long-lived bearer credential, so it is the more valuable target; issue a new refresh token on every refresh (rotation), treat reuse of an old one as theft and revoke the whole token family, and in browser clients keep it out of script-accessible storage
Source: AI Generated