Any way to use split Access Tokens and Refresh Tokens
Hey, so I just started using Better-Auth coming from my own Auth System. I'm trying to use short-lived access tokens with refresh tokens, but I'm not seeing anything about how to do this in Better-Auth. All I'm seeing is the Bearer plugin, which seems to be the closest, but it seems to combine the access and refresh token into 1 token essentially.
I'd like to be able to use the Bearer plugin with an access token that stores the current user's state (email, username, login options, etc.) that expires after, say, an hour. At the same time as generating the access token I would generate another token that only stores the user id and expires after 14-30 days; this token is also passed to the client, but unlike the access token, is stored in the session. The access token is used in the authorization header for authentication, but the refresh token is used to get a new token pair by calling the token endpoint (for me I did /auth/refresh in my system).
Any ideas? My thinking was to just make my own plugin, but I just wanted to ensure there wasn't something I was missing before doing that. Thanks!
2 Replies
Solution
Better Auth doesn't issue 2 tokens. Only one token is issued by default. But we have a concept of cookie cache that kind of serves the same purpose.
https://www.better-auth.com/docs/concepts/session-management#session-caching
I came here since I had the same use case. I want to use access/refresh tokens for native mobile apps so cookies aren't relevant. This is a very common use case.
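The scheme the question describes (a short-lived signed access token carrying user state, plus a long-lived refresh token exchanged at a refresh endpoint), written out as an added example that is not part of the thread and not Better Auth's API. The names `issuePair`, `verifyAccess`, `refresh` and the in-memory `refreshStore` are hypothetical, and as an assumption the refresh token here is an opaque random value stored hashed on the server and rotated on each use.

```javascript
// Added example: hypothetical names, not Better Auth APIs.
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32);      // per-process signing key (constructed)
const ACCESS_TTL = 60 * 60;                 // 1 hour, in seconds
const REFRESH_TTL = 14 * 24 * 60 * 60;      // 14 days, in seconds
const refreshStore = new Map();             // sha256(refresh token) -> { userId, exp }

const b64 = (data) => Buffer.from(data).toString("base64url");
const sign = (body) => b64(crypto.createHmac("sha256", SECRET).update(body).digest());
const hash = (t) => crypto.createHash("sha256").update(t).digest("hex");

// Issue an access token holding user state and a refresh token tied only to the user id.
function issuePair(user, now) {
  const body = b64(JSON.stringify({ ...user, exp: now + ACCESS_TTL }));
  const refreshToken = b64(crypto.randomBytes(32));
  refreshStore.set(hash(refreshToken), { userId: user.id, exp: now + REFRESH_TTL });
  return { accessToken: `${body}.${sign(body)}`, refreshToken };
}

// Check the Authorization header value: MAC first, then expiry. Returns claims or null.
function verifyAccess(token, now) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return null;
  const [body, mac] = parts;
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  return claims.exp > now ? claims : null;
}

// What an /auth/refresh handler would call. The presented token is deleted
// before anything else, so a stolen-and-replayed refresh token fails.
function refresh(refreshToken, loadUser, now) {
  const key = hash(String(refreshToken));
  const entry = refreshStore.get(key);
  refreshStore.delete(key);
  if (!entry || entry.exp <= now) return null;
  return issuePair(loadUser(entry.userId), now);  // re-read current user state
}
```

For a native mobile client, the access token goes in the `Authorization` header and the refresh token stays in the platform's secure storage; only the refresh call ever sends it.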