Question By

Solved
d3ddev

Apr 13th, 2022 07:19 AM

Using OAuth, at what point do you refresh an access token? Let's say your user has an API access key that is valid for 1h, and the refresh keys are valid indefinitely. At what point do you insert a refresh function?

Every time the user makes a request where a valid access key is needed? Check if the key is valid and request a new one if not valid (API response = 401)? Automatically refresh all keys with a scheduler/event listener?

bobbyiliev

Apr 13th, 2022 10:51 AM

Hi there,

This is a good question. Not 100% sure what is considered a best practice here, but personally I would probably check for a 401 response; that way I would reduce the total number of requests to the auth API for generating a new call.

d3ddev

Apr 14th, 2022 01:20 AM

But isn't making a GET request that returns a 401 just as annoying to the API as just requesting a new access token?

And even if the token is still valid, you still made a request to the API verifying that it's valid.

bobbyiliev

Apr 14th, 2022 02:35 AM

Best Answer

Usually there might be a limit on how many refresh tokens you could get in a certain period, so if you get a new token on every single request that is not going to be very insufficient.

Also on the OAuth backend, the generation of a new token is probably a totally separate service.

Here is a good diagram on how this works in practice:

Source
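The following sketch is an added example, not code from anyone in this thread. It goes slightly beyond the answers by combining two triggers: a local expiry check based on the `expires_in` value returned with the token, plus the 401 fallback with a single retry for tokens that were revoked early. `FakeAuthServer`, `FakeApi`, `Client`, `simulate` and the `rt-demo` refresh token are constructed stand-ins so the script runs offline.

```python
class FakeAuthServer:
    """Constructed stand-in for the OAuth token endpoint; counts refresh calls."""
    def __init__(self, ttl=3600):
        self.ttl, self.refresh_calls, self.valid = ttl, 0, {}
    def refresh(self, refresh_token, now):
        self.refresh_calls += 1
        token = f"at-{self.refresh_calls}"
        self.valid[token] = now + self.ttl  # server-side expiry time
        return {"access_token": token, "expires_in": self.ttl}

class FakeApi:
    """Constructed resource API: 200 for a live token, 401 otherwise."""
    def __init__(self, auth):
        self.auth = auth
    def get(self, token, now):
        return 200 if self.auth.valid.get(token, 0) > now else 401

class Client:
    def __init__(self, auth, api, clock, skew=60):
        self.auth, self.api, self.clock, self.skew = auth, api, clock, skew
        self.token, self.expires_at = None, 0
    def _refresh(self):
        now = self.clock()
        grant = self.auth.refresh("rt-demo", now)  # constructed refresh token
        self.token = grant["access_token"]
        self.expires_at = now + grant["expires_in"]
    def request(self):
        # Token known to be expired locally: refresh first, skipping a sure 401.
        if self.token is None or self.clock() >= self.expires_at - self.skew:
            self._refresh()
        status = self.api.get(self.token, self.clock())
        if status == 401:  # revoked early or clock drift: refresh, retry once
            self._refresh()
            status = self.api.get(self.token, self.clock())
        return status

def simulate(times, revoke_at=None):
    """Run one request per timestamp; return (statuses, refresh call count)."""
    now = [0]
    auth = FakeAuthServer()
    client = Client(auth, FakeApi(auth), clock=lambda: now[0])
    statuses = []
    for t in times:
        now[0] = t
        if t == revoke_at:
            auth.valid.clear()  # server revokes every issued access token
        statuses.append(client.request())
    return statuses, auth.refresh_calls

if __name__ == "__main__":
    print(simulate(range(0, 6000, 600)))            # 10 requests over 90 min
    print(simulate([0, 600, 1200], revoke_at=600))  # early revocation
```

Retrying only once after a 401 keeps a revoked or invalid refresh token from turning into a loop of calls against the auth server.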