Access Token versus Remember Me Token
Posted By : Pankaj Garg | 29-Aug-2022
To understand access tokens, we must first know what authentication and authorization are.
Authentication is the process of authenticating the user, that is, checking whether the person is allowed to send the API request they are trying to make.
Authorization is the process of checking whether the person trying to access specific resources has the right to access those resources.
JWT Token
A JSON Web Token (JWT) is a security token that is provided in the header of API requests to provide authentication and authorization.
JSON Web Tokens are made up of three things:
- Header
- Payload
- Algorithm
Access tokens consist of these three parts, and all the information required to access particular APIs can be stored in them, for example the name, the list of roles a person has, and the expiration date and time.
Usually, the expiration of access tokens is set to 8 hours. After that, the token expires and the person has to be given a new token so that they can access the APIs.
Next comes the Refresh token, also called the Remember Me token. These tokens are similar to access tokens in that they also consist of three parts (Header, Payload, and Algorithm). The difference is that they expire after a longer interval of time.
Remember Me or Refresh tokens are used to generate a new access token, since they have a longer expiration time. By company standards they hold less information: they store the expiration time and the id of the person instead of the name. When an access token is generated from a refresh token, the server checks the database and fetches all the user information that is stored in the access token, such as the roles and the name of the user.
Why do we need a Remember Me token?
Assume a scenario in which a person logs into their account using credentials such as a username and password, and a new access token is assigned to them. This access token lasts 8 hours, so after 8 hours it expires and the user would have to log in with their credentials every 8 hours. If they have a Remember Me token, they won't need to enter their credentials every 8 hours in order to use their account.
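The flow described above, as an added example that is not part of the original post: it issues a claim-rich access token with an 8-hour expiry and a minimal refresh token holding only the user id and expiry, then exchanges the refresh token for a new access token by reading name and roles from the user store. The tokens are compact HS256 JWTs (header.payload.signature) built with the standard library. The 30-day refresh lifetime, the `kind` claim, the in-memory `USERS` table and all function names are assumptions made for the example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"       # constructed signing key for the example
ACCESS_TTL = 8 * 3600                  # 8 hours, as in the article
REFRESH_TTL = 30 * 24 * 3600           # assumed 30 days; the article only says "longer"
USERS = {42: {"name": "Alice", "roles": ["USER", "ADMIN"]}}  # constructed user table

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict) -> str:
    """Encode claims as a compact HS256 JWT: header.payload.signature."""
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    return f"{head}.{body}.{b64(mac(head + '.' + body))}"

def verify(token: str, kind: str, now: int) -> dict:
    """Return the claims; raise ValueError on bad signature, wrong kind or expiry."""
    head, body, sig = token.split(".")          # wrong part count raises ValueError
    # The server always recomputes HS256 itself and never trusts the header's "alg".
    if not hmac.compare_digest(mac(head + "." + body), unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(unb64(body))
    if claims.get("kind") != kind:              # an access token cannot act as a refresh token
        raise ValueError("wrong token kind")
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims

def issue_access(user_id: int, now: int) -> str:
    user = USERS[user_id]                       # name and roles are read fresh from the store
    return sign({"kind": "access", "sub": user_id, "name": user["name"],
                 "roles": user["roles"], "exp": now + ACCESS_TTL})

def issue_refresh(user_id: int, now: int) -> str:
    return sign({"kind": "refresh", "sub": user_id, "exp": now + REFRESH_TTL})  # id and expiry only

def refresh(refresh_token: str, now: int) -> str:
    """Exchange a valid refresh token for a new access token without credentials."""
    return issue_access(verify(refresh_token, "refresh", now)["sub"], now)
```

Because the refresh token carries only the user id, a role change made in the user store takes effect in the next access token that is issued from it.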