471,120 Members | 1,481 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

home > topics > software development > questions > how to restrict refresh token to authorize apis other than api for refresh token

Join Bytes to post your question to a community of 471,120 software developers and data experts.

how to restrict refresh token to authorize apis other than api for refresh token

While developing for a mobile application, ther comes a requirement for refresh the JWT token. for which i had implemented login response as 1. access token and 2. refresh token.
Where access token has an expiration time of 8 hrs. and refresh token has an expiration time of 2 yrs.
If the access token is expired the api (/refresh-token) is triggered with the existing refresh token for the user.
then an access key is generated.

But there is an issue where the api other than (/refresh-token) api shouldn't be authorized using this refresh token.

Some of the apis can be protected using Permissions but apis having not Permission is still authorized using refresh token --- need to stop this

If anyone having solution please help!!
Jul 1 '22 #1
0 907

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics
CreateProcessAsUser - How to get User Token
1 post views Thread by Maya | last post: by
Screen Refresh Issue in A2002
5 posts views Thread by Andrew Chanter | last post: by
WSE2 UserName token not encrypted
reply views Thread by Sid DeLuca | last post: by
Trying to understand "restrict"
2 posts views Thread by Frederick Gotham | last post: by
restrict keyword questions
reply views Thread by copx | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2022
About Bytes
Advertise
Terms Of Use
Privacy Policy
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates