Why not use only 1 token in JWT?
So we can create only 1 token which we will store in a cookie. Let's call it the bi token. The bi token will act like a refresh token and have a checkTime field which will act like the expiration of an access token. The client doesn't need to worry about storing an access token. At the same time it's secure, because the token version will be checked on the server each checkTime and the token regenerated without an additional request. Maybe I'm missing something, that's why I ask.
1 Reply
If it's an okay solution, just not a standard, then that's enough for me. But mostly I am interested in how secure it is.
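The single-token scheme described in the question, written out server-side as an added example that is not part of the original thread. It assumes an HMAC-SHA256 signed token in place of a JWT library, an in-memory dict `TOKEN_VERSIONS` standing in for the server's version store, and the hypothetical names `issue`, `authenticate`, `revoke`, `CHECK_INTERVAL` and `MAX_AGE`.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"   # assumption: server-side signing key
CHECK_INTERVAL = 300               # seconds between server-side version checks
MAX_AGE = 14 * 24 * 3600           # absolute lifetime, like a refresh token
TOKEN_VERSIONS = {"alice": 1}      # assumption: stand-in for a DB of token versions

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue(user, now, exp=None):
    """Create the single cookie token: identity, version, checkTime, hard expiry."""
    claims = {"sub": user, "ver": TOKEN_VERSIONS[user],
              "checkTime": now + CHECK_INTERVAL, "exp": exp or now + MAX_AGE}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _sign(body)

def authenticate(token, now):
    """Return (user, token_to_set_in_cookie), or (None, None) if rejected."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None, None                    # forged or tampered
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if now >= claims["exp"]:
        return None, None                    # hard expiry reached
    if now < claims["checkTime"]:
        return claims["sub"], token          # fast path: no store lookup
    # checkTime has passed: act like a refresh and consult the stored version
    if TOKEN_VERSIONS.get(claims["sub"]) != claims["ver"]:
        return None, None                    # version was bumped: revoked
    # Reissue with a new checkTime but the original hard expiry
    return claims["sub"], issue(claims["sub"], now, claims["exp"])

def revoke(user):
    """Invalidate the user's outstanding tokens at their next version check."""
    TOKEN_VERSIONS[user] += 1
```

In this example a revoked token is still accepted on the fast path until its `checkTime`, so `CHECK_INTERVAL` is the revocation delay, the same trade-off as an access token's lifetime in the two-token design.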