Android refresh token
I'm developing an Android app and I'm a little confused regarding the token and refresh token. Basically, right now, after the user logs in with a mobile number and a code sent by SMS, the authentication server returns an access token that will be used for accessing all APIs. For the authentication server, I've used Laravel with the jwt-auth library. When the access token expires, I will ask for a new one using the credentials of the user stored in the AccountManager. Is this the correct way to implement this authentication?
Or am I missing the refresh token, with which I would ask for a new access token when this one has expired?
Thanks in advance, Daniele
I think it's better to use both a token and a refresh token, so you don't always have to send your credentials when your access token is expired. Moreover, it's not safe to store users' credentials on a client device; you should store this information on your server and ask the user to type it when needed.
Here is how I implement the token/refresh token process:
1: You send your credentials to your authentication server (it will send you back an access token (I use the JSON web token type, which is not stored in the database) and a refresh token (that is stored in the database)).
2: When you make a request to your server, you check if the access token is expired. If it is, you make a request to your authentication server with the refresh token as a parameter in order to get a new access token (depending on the configuration of your server, it could give you back either a new access token or a new pair of access token and refresh token, which I prefer).
3: If the refresh token is expired, you make a request with your credentials to get a new pair of tokens.
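The three steps in the answer above, seen from the authentication server's side, as an added example that is not part of the original answer. A simplified HMAC-signed token stands in for the JWT, and the in-memory dict, the hashing of stored refresh tokens, the lifetimes and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)           # signing key for access tokens (constructed)
ACCESS_TTL, REFRESH_TTL = 300, 30 * 86400  # assumed lifetimes, in seconds
refresh_db = {}  # sha256(refresh token) -> (user, expiry); stands in for the DB table

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _sign(body):
    return _b64(hmac.new(SECRET, body, hashlib.sha256).digest())

def issue_pair(user, now):
    """Step 1: called once credentials are verified; returns (access, refresh)."""
    body = _b64(json.dumps({"sub": user, "exp": now + ACCESS_TTL}).encode())
    rt = secrets.token_urlsafe(32)
    # Only a hash is stored, so a leaked table does not yield usable refresh tokens.
    refresh_db[hashlib.sha256(rt.encode()).hexdigest()] = (user, now + REFRESH_TTL)
    return (body + b"." + _sign(body)).decode(), rt

def check_access(token, now):
    """Stateless check: signature and expiry only, no database lookup."""
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(body)):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    return claims["sub"] if claims["exp"] > now else None

def refresh(refresh_token, now):
    """Step 2: trade a refresh token for a new pair. None means step 3: log in again."""
    key = hashlib.sha256(refresh_token.encode()).hexdigest()
    row = refresh_db.pop(key, None)        # pop makes every refresh token single-use
    if row is None or row[1] <= now:
        return None
    return issue_pair(row[0], now)

if __name__ == "__main__":
    now = int(time.time())
    access, rt = issue_pair("user-1", now)                 # constructed user id
    print(check_access(access, now + ACCESS_TTL + 1))      # expired access token
    print(refresh(rt, now + ACCESS_TTL + 1) is not None)   # rotation succeeds once
    print(refresh(rt, now + ACCESS_TTL + 2))               # reuse is rejected
```

Because the old refresh token is deleted on use, a second presentation of the same value fails and the client falls back to step 3.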