
How to restrict refresh token to authorize APIs other than API for refresh token

While developing for a mobile application, there comes a requirement to refresh the JWT token, for which I had implemented the login response as 1. access token and 2. refresh token.
The access token has an expiration time of 8 hrs. and the refresh token has an expiration time of 2 yrs.
If the access token is expired, the API (/refresh-token) is triggered with the existing refresh token for the user.
Then an access key is generated.

But there is an issue: APIs other than the (/refresh-token) API shouldn't be authorized using this refresh token.

Some of the APIs can be protected using Permissions, but APIs having no Permission are still authorized using the refresh token. I need to stop this.

If anyone has a solution, please help!!
Jul 1 '22 #1
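
One way to enforce the separation asked about above, as an added example that is not part of the original post: stamp each JWT with its purpose and have every request check that claim, so a refresh token is accepted only at /refresh-token and an access token everywhere else. The `token_use` claim name, the HS256 demo key and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"   # assumption: HS256 key, constructed for the demo
REFRESH_PATH = "/refresh-token"    # endpoint named in the post
TTL = {"access": 8 * 3600, "refresh": 2 * 365 * 86400}  # lifetimes from the post

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def issue(user, token_use, now=None):
    """Mint a JWT whose 'token_use' claim (assumed name) records its purpose."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "token_use": token_use, "exp": now + TTL[token_use]}
    signing_input = header + b"." + _b64(json.dumps(claims).encode())
    return (signing_input + b"." + _sign(signing_input)).decode()

def verify(token, expected_use, now=None):
    """Check signature, expiry, and that the token is of the expected type."""
    now = time.time() if now is None else now
    try:
        signing_input, sig = token.encode().rsplit(b".", 1)
        body = signing_input.split(b".")[1]
    except (ValueError, IndexError):
        raise PermissionError("malformed token")
    if not hmac.compare_digest(sig, _sign(signing_input)):
        raise PermissionError("bad signature")
    # Claims are parsed only after the signature has been verified.
    claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    if claims.get("token_use") != expected_use:
        raise PermissionError("wrong token type for this endpoint")
    return claims

def authorize(path, token, now=None):
    """Run on every request: refresh tokens pass only at REFRESH_PATH."""
    return verify(token, "refresh" if path == REFRESH_PATH else "access", now)

def refresh(token, now=None):
    """Handler for REFRESH_PATH: exchange a valid refresh token for an access token."""
    claims = authorize(REFRESH_PATH, token, now)
    return issue(claims["sub"], "access", now)
```

Calling `authorize` from the authentication layer rather than from per-view permission classes means endpoints with no Permission configured are covered too.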