Wiki Article · Cinematic

Refresh Token

Refresh Token ek long-lived credential hai jo user ko dobara login kiye bina naya access token…

Overview

Refresh Token — Quick Facts

📌

Property: Detail

🎯

Topic: Refresh Token

⚡

Type: Authentication / Authorization…

🔑

Purpose: Access token expire hone pe bina…

Topic 1

Infobox

📚 | Property | Detail | |---|---| | Topic | Refresh Token | | Type | Authentication /…

Topic 2

Why Refresh Tokens Exist

💡

Access token short-lived rakhna…

🔑

Lekin short-lived access token =…

⚡

User ko har 15 minute me…

🎯

Refresh token = bridge between…

Topic 3

Access Token vs Refresh Token

🎯 | # | Aspect | Access Token | Refresh Token | |---|---|---|---| | 1 | Purpose |…

Topic 4

How Refresh Token Flow Works

⭐ `mermaid sequenceDiagram participant U as 👤 User participant C as 📱 Client App…

Topic 5

Token Rotation

💡

Agar refresh token chori ho jaaye…

🔑

Rotation ke saath → attacker…

⚡

Ek initial login se ek token…

🎯

Har rotation pe naya refresh token…

Topic 6

Storage and Security

💡

NEVER refresh token localStorage…

🔑

BEST: HttpOnly, Secure,…

⚡

SPA without backend: In-memory +…

🎯

SPA with backend (BFF pattern):…

Topic 7

Refresh Token Revocation

💡

User logout: Refresh token turant…

🔑

Password change: Sab existing…

⚡

Account compromise detected: Sab…

🎯

Token rotation reuse detected:…

Topic 8

Refresh Tokens in OAuth 2.0

💡

Refresh token optional hai OAuth…

🔑

grant_type=refresh_token se token…

⚡

offline_access scope request karne…

🎯

Authorization Code Grant: Yes —…

Topic 9

Common Patterns

💡

Access token expire hone se pehle…

🔑

User ko 401 bhi nahi dikhta —…

⚡

setTimeout se access token expiry…

🎯

Har successful refresh pe refresh…

Topic 10

Common Pitfalls

💡

Problem: XSS attack se koi bhi…

🔑

Impact: Attacker refresh token…

⚡

Fix: HttpOnly Secure cookie ya…

🎯

Problem: Ek baar refresh token…

Topic 11

Best Practices

🎯 1. Access token short-lived — 5-15 minutes maximum, shorter = more secure 2. Refresh…

Topic 12

Glossary

⭐ | # | Term | Meaning | |---|---|---| | 1 | Refresh Token | Long-lived token jo naya…

Comparison

Access Token vs Refresh Token

⚖️

1: Purpose

⚖️

2: Lifetime

⚖️

3: Sent to

Diagram

Visual Flow

📊 Diagram visualization — details in narration

Quiz — Question 1

Refresh Token ka sabse sahi definition kya hai?

Quick Quiz

Quiz — Question 2

Refresh Token ka 'Topic' kya hai?

Complete! 🎉

Refresh Token Complete!

Aliens Wiki · Hinglish · Cinematic Knowledge

✅

Refresh Token Complete

➡️

Refresh Token

Refresh Token — Quick Facts

Property: Detail

Topic: Refresh Token

Type: Authentication / Authorization…

Purpose: Access token expire hone pe bina…

Infobox

Why Refresh Tokens Exist

Access token short-lived rakhna…

Lekin short-lived access token =…

User ko har 15 minute me…

Refresh token = bridge between…

Access Token vs Refresh Token

How Refresh Token Flow Works

Token Rotation

Agar refresh token chori ho jaaye…

Rotation ke saath → attacker…

Ek initial login se ek token…

Har rotation pe naya refresh token…

Storage and Security

NEVER refresh token localStorage…

BEST: HttpOnly, Secure,…

SPA without backend: In-memory +…

SPA with backend (BFF pattern):…

Refresh Token Revocation

User logout: Refresh token turant…

Password change: Sab existing…

Account compromise detected: Sab…

Token rotation reuse detected:…

Refresh Tokens in OAuth 2.0

Refresh token optional hai OAuth…

grant_type=refresh_token se token…

offline_access scope request karne…

Authorization Code Grant: Yes —…

Common Patterns

Access token expire hone se pehle…

User ko 401 bhi nahi dikhta —…

setTimeout se access token expiry…

Har successful refresh pe refresh…

Common Pitfalls

Problem: XSS attack se koi bhi…

Impact: Attacker refresh token…

Fix: HttpOnly Secure cookie ya…

Problem: Ek baar refresh token…

Best Practices

Glossary

Access Token vs Refresh Token

1: Purpose

2: Lifetime

3: Sent to

Visual Flow

See Also

Access Token

OAuth

JWT

Authentication

Authorization

Session

Quiz — Question 1

Quiz — Question 2

Refresh Token Complete!

Refresh Token Complete

Access Token