JWT TOKEN
I need an example of how to store the accessToken in memory and the refresh token in an httpOnly cookie (I am using React, axios and Express).
Simple written code or a good video (preferably a written guide, or just a bunch of code), PLEASE
5 Replies
u can use cookie parser lib for that
cookie parser for what? for the refresh token?
u set that up from the backend, the main issue (for me) is dealing with the access token
cookie parser is for handling cookies
u can use that to easily set ref token and acc token securely in the clients browser
u also have to pass cookie options where you'll set `secure` to true or something like that
i might be wrong here but
```
import type { Request, Response } from "express";

async function login(req: Request, res: Response) {
  try {
    // Get user
    const user = await User.getUserByUserNameOrThrow(req.body.username);
    // Validate password
    const isMatch = await comparePassword(req.body.password, user.password);
    if (!isMatch) {
      // Return here so the handler does not go on to issue tokens and send a second response
      return res.status(400).send({ status: "error", message: "Invalid credentials" });
    }
    // Generate access and refresh tokens
    const accessToken = generateAccessToken(user.id.toString());
    const refreshToken = generateRefreshToken(user.id.toString());
    // The refresh token goes into a cookie that page JavaScript cannot read
    res.cookie("refreshToken", refreshToken, {
      httpOnly: true,
      secure: false, // local HTTP development value; use true when serving over HTTPS
      sameSite: "lax",
      maxAge: 30 * 24 * 60 * 60 * 1000, // 30 days
    });
    // The access token goes back in the JSON body only
    res.status(200).json({ accessToken: accessToken });
  } catch (error) {
    res.status(400).json(error);
  }
}
```
the cookie is sent this way when i open my dev tools and send a request without cookie parser
the problem is:
1) everyone says you should store access token in memory but i didn't find any guide/tutorial so i hope someone can help me
2) i don't know how to send the refresh token with every follow up request

If you use triple backticks before and after your code it formats the entire thing as a code block instead of doing single backticks on each line:
```
code_goes_here
```
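
The pattern asked about in this thread, as an added example that is not part of the original posts: the access token is held in a closure on the client, and the refresh token travels only in the httpOnly cookie. `createAuthClient`, `transport` (a stand-in for an axios call) and the `/auth/refresh` route are assumptions, and the fake backend is constructed so the block runs offline.

```javascript
// Added example. `transport` is a hypothetical stand-in for axios: it takes a
// request object and resolves to { status, data }. "/auth/refresh" is an assumed route.
function createAuthClient(transport) {
  let accessToken = null; // held only in this closure: not localStorage, not a cookie
  let refreshing = null;  // shared promise, so parallel 401s cause a single refresh
  function refresh() {
    if (!refreshing) {
      // No token in the body. With credentials enabled (axios: withCredentials: true)
      // the browser attaches the httpOnly refreshToken cookie on its own.
      refreshing = transport({ method: "POST", url: "/auth/refresh", withCredentials: true })
        .then((res) => {
          if (res.status !== 200) { accessToken = null; throw new Error("refresh failed"); }
          accessToken = res.data.accessToken;
        })
        .finally(() => { refreshing = null; });
    }
    return refreshing;
  }
  async function request(config) {
    const send = () => transport({
      ...config,
      headers: { ...config.headers, ...(accessToken && { Authorization: `Bearer ${accessToken}` }) },
    });
    let res = await send();
    if (res.status === 401) { // token expired, or lost because the page was reloaded
      await refresh();
      res = await send();     // retry once with the new token
    }
    return res;
  }
  // setAccessToken is called with the accessToken from the login response body
  return { request, refresh, setAccessToken: (t) => { accessToken = t; } };
}

// Constructed fake backend so the example runs offline: it models the cookie jar
// and accepts only the access token it issued most recently.
function createFakeBackend() {
  const state = { cookie: "constructed-refresh-cookie", issued: 0, current: null, refreshCalls: 0 };
  const transport = async (req) => {
    if (req.url === "/auth/refresh") {
      state.refreshCalls += 1;
      if (!req.withCredentials || !state.cookie) return { status: 401, data: {} };
      state.current = `access-${++state.issued}`;
      return { status: 200, data: { accessToken: state.current } };
    }
    const ok = state.current && req.headers.Authorization === `Bearer ${state.current}`;
    return ok ? { status: 200, data: { user: "demo" } } : { status: 401, data: {} };
  };
  return { state, transport };
}
```

With axios, the retry-on-401 logic sits in a response interceptor, and the refresh call needs `withCredentials: true` so the browser includes the cookie. After a page reload the in-memory token is gone, so the first request gets a 401 and the client refreshes once before retrying.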