how to restrict refresh token to authorize apis other than api for refresh token

  • pisthaprgrmr
    New Member
    • Jul 2022
    • 1

    how to restrict refresh token to authorize apis other than api for refresh token

    While developing a mobile application, there came a requirement to refresh the JWT token, for which I implemented the login response as 1. access token and 2. refresh token.
    The access token has an expiration time of 8 hrs and the refresh token has an expiration time of 2 yrs.
    If the access token is expired, the API (/refresh-token) is triggered with the existing refresh token for the user,
    and then an access key is generated.

    But there is an issue: APIs other than the (/refresh-token) API shouldn't be authorized using this refresh token.

    Some of the APIs can be protected using Permissions, but APIs that have no Permission are still authorized using the refresh token --- need to stop this.

    If anyone has a solution, please help!!
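
One way to enforce the restriction asked about above, as an added example that is not part of the original post: each token carries its purpose in a claim, and a single authorization gate rejects a refresh token everywhere except /refresh-token, whether or not the route has a permission check. The claim name `token_type`, the function names and the signing key are assumptions made for illustration; only the /refresh-token path and the two lifetimes come from the post.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed value; load the real key from a secret store
TTL = {"access": 8 * 3600, "refresh": 2 * 365 * 24 * 3600}  # 8 hrs / 2 yrs, as in the post

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header, body):
    return hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue(user_id, token_type, now=None):
    """Sign an HS256 JWT whose 'token_type' claim (assumed name) states its purpose."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user_id, "token_type": token_type, "exp": now + TTL[token_type]}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_sign(header, body))}"

def verify(token, expected_type, now=None):
    """Return the claims only if signature, algorithm, expiry and token_type all match."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(header, body), _unb64(sig)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token
    if claims.get("exp", 0) <= now or claims.get("token_type") != expected_type:
        return None
    return claims

def authorize(path, token, now=None):
    """Gate for every route: only /refresh-token accepts a refresh token."""
    expected = "refresh" if path == "/refresh-token" else "access"
    return verify(token, expected, now) is not None
```

Calling `authorize` from the authentication layer, before any per-route permission check runs, covers the routes that have no permission of their own.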