Skip to main content


Showing posts with the label Refresh Token

Part-2 Ionic Angular JWT(JSON Web Token) Authentication(Refresh Token Implementation)

In  Part-1  we have implemented steps for jwt authentication in Ionic5 angular application. This is a continuous article of  Part-1 , our main goals here are to use access token in the authorization header and refresh token implementation for user authentication. NestJS(Node.js) Todos API: In  Part-1  we discussed steps to set up the Nestjs API. In that API we have a secured endpoint called 'Todos'. In the next step, we are going to consume this 'Todo' API from our Ionic application. http://localhost:3000/todos Ionic Application Use Authorization Header: Now let's try to consume the secured 'Todos' endpoint by adding the access token to the header. Let's now create a TodoService as below. src/app/services/todo.service.ts: import { Injectable } from "@angular/core"; import { HttpClient } from "@angular/common/http"; import { Observable } from 'rxjs'; @Injectable() export class TodoServie { constructor(private http:HttpCl

Part-2 NestJS JWT(JSON Web Token) Authentication(Refresh Token Implementation)

In  Part-1  we have done complete implementation on NestJS application authentication by creating the user access token. Now we are going to explore the implementation of the refresh token. We will continue to work on the sample app we have used in  Part-1 . Refresh Token Flow: Refresh Token is a random string key that will be created along with the JWT access token and return to the valid client on successful logging in. Now for all subsequent requests will use the access token, but the access token is a short-lived token where as refresh token lives more time than the access token. On the expiration of the access token, the user instead of authenticating himself again passing his user name and password, the user can send the refresh token. The server on receiving a refresh token, first it validates against the storage(database, cache, etc). For a valid refresh token server will create a new access token and refresh token(like when authenticate using user name and password) return it