C#C
C#4y ago
Morricore

API Design of login and refresh JWT token endpoint questions

I'm designing Login and refresh token and I have several questions.
This is what I return on any refresh token and login.
{
    "userName": "Barocco",
    "accessToken": {
        "tokenString": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJiNTAyZTYzZC1lYTYwLTQ4MTktYTc0Ny00ZGI4YmNiY2U3YzkiLCJlbWFpbCI6ImxsQHd3IiwidW5pcXVlX25hbWUiOiJCYXJvY2NvIiwicm9sZSI6IkFkbWluIiwibmJmIjoxNjYzOTIzOTAxLCJleHAiOjE2NjM5MjM5MDYsImlhdCI6MTY2MzkyMzkwMSwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NTAwMS8iLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo1MDAxLyJ9.I64OFaR9xnP2VmROBnv2RBNmGdAmbBVUn9kvocUN0Sc",
        "expireAt": "2022-09-29T14:16:35.0050936Z"
    },
    "refreshToken": {
        "tokenString": "JaXYg8r6NCJPD4g3JoQuyKIK4mWV/Be+J+B+QPshPfk=",
        "expireAt": "2022-10-22T14:16:35.0050936Z"
    },
    "role": "Admin"
}

Is it a good format to return this data? Is there any standard?
Is there a good values for token and refresh token lifetime?
Should I allow refreshing token if access token inspired but refresh token - not?
Was this page helpful?