Theo's recent auth video on JWT
Hi, the timestamp is 5:03 in Theo's recent video on different auth options.
I'm confused. Currently my understanding is that refresh tokens only ever get invalidated if the user signs out or the token expires. This is to force the user to sign in if refresh tokens only ever expire, for security purposes.
But in Theo's video, he actually creates a refresh token whenever the access token needs to be created. This results in the user always being signed in unless they haven't touched the app for longer than the refresh token expiration.
The only difference between the two is the user experience, as far as I can see.
The user will never sign out with the solution shown in Theo's video.
Whereas using the same refresh token until it expires forces the user to sign in again for security purposes.
Which is the most preferred and secure way? Or are both methods acceptable?
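The two policies described in the post, as an added example that is not part of the original post or of the video: a simulated refresh-token store driven by a fake clock. The 7-day lifetime and the names `Sessions` and `firstForcedSignIn` are assumptions made for illustration.

```javascript
// Simulated refresh-token store; times are seconds on a fake clock.
const REFRESH_TTL = 7 * 24 * 3600; // assumed 7-day refresh token lifetime

class Sessions {
  constructor(rotate) {
    this.rotate = rotate;  // true: issue a new refresh token on every refresh
    this.live = new Map(); // refresh token -> { user, expiresAt }
    this.counter = 0;
  }
  issue(user, now) {
    // Counter ids keep the simulation deterministic; real tokens must come from a CSPRNG.
    const token = `rt-${++this.counter}`;
    this.live.set(token, { user, expiresAt: now + REFRESH_TTL });
    return token;
  }
  signIn(user, now) { return this.issue(user, now); }
  signOut(token) { this.live.delete(token); }
  // Exchange a refresh token (access token issuance omitted here).
  // Returns null when the user has to sign in again.
  refresh(token, now) {
    const rec = this.live.get(token);
    if (!rec || now >= rec.expiresAt) {
      this.live.delete(token);
      return null;
    }
    if (!this.rotate) return { refreshToken: token }; // same token, same expiry
    this.live.delete(token);                          // old token becomes unusable
    return { refreshToken: this.issue(rec.user, now) }; // expiry slides forward
  }
}

// A user opens the app once a day for `days` days. Returns the first day on
// which they are forced to sign in again, or null if that never happens.
function firstForcedSignIn(rotate, days) {
  const s = new Sessions(rotate);
  let token = s.signIn("alice", 0);
  for (let day = 1; day <= days; day++) {
    const res = s.refresh(token, day * 86400);
    if (!res) return day;
    token = res.refreshToken;
  }
  return null;
}
```

With rotation, a refresh token that has already been exchanged is rejected, and a user who stays idle longer than the lifetime still has to sign in again.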
