Hello
I’m working on securing an API using JWT (JSON Web Tokens) for authentication. While the tokens are functioning as expected, I’m struggling with managing token expiration. When a token expires, the API returns a 401 Unauthorized error, disrupting the user experience.
I want to implement a smooth token refresh mechanism without compromising security. My current approach involves using a refresh token, but I’m unsure how to securely store and handle the refresh token on the client side to prevent abuse or token theft. Additionally, I’d like to understand the best practices for setting token expiration times and managing session revocation.
I checked the A Look at The Draft for JWT Best Current Practices CCSP Training guide related to this and found it quite informative.
Has anyone implemented a robust JWT handling strategy for expired tokens? Any tips or resources on secure token storage and refresh token lifecycle management would be greatly appreciated.
Thank you!
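One way to put the pieces the post asks about together: a short-lived HS256 access token, an opaque refresh token that is stored server-side only as a hash, single-use rotation of the refresh token, reuse detection that revokes the whole token family, and an explicit revocation hook for logout. This is an added example, not the poster's code or any library's API; it uses only the Python standard library, and the signing key, the 5-minute access TTL, the 30-day refresh TTL and the `RefreshStore` class are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple

# Assumption: a server-side HS256 key constructed for this example; load from a secret store in practice.
SECRET = b"constructed-example-key-do-not-reuse"


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_access_token(sub: str, ttl: int = 300, now: Optional[int] = None) -> str:
    """Short-lived access JWT (default 5 minutes): small blast radius if it leaks."""
    now = int(time.time()) if now is None else now
    header = _b64u(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64u(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64u(sig)}"


def verify_access_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Returns the claims, or None for any tampered, mis-algorithmed or expired token."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(_b64u_dec(h))
        # Pin the algorithm server-side; never let the token choose it (blocks alg=none and key confusion).
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64u_dec(s)):
            return None
        claims = json.loads(_b64u_dec(p))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None  # expired: the client must use its refresh token, not keep retrying
    return claims


class RefreshStore:
    """Server-side refresh token state. Tokens are opaque random strings kept only as SHA-256 hashes,
    each is valid for exactly one rotation, and replay of a rotated token revokes its whole family."""

    def __init__(self) -> None:
        self._tokens = {}            # sha256(token) -> {sub, family, exp, used}
        self._revoked_families = set()

    def issue(self, sub: str, family: Optional[str] = None, ttl: int = 30 * 86400,
              now: Optional[int] = None) -> Tuple[str, str]:
        now = int(time.time()) if now is None else now
        token = secrets.token_urlsafe(32)
        family = family or secrets.token_hex(8)  # one family per login session
        key = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[key] = {"sub": sub, "family": family, "exp": now + ttl, "used": False}
        return token, family

    def rotate(self, presented: str, now: Optional[int] = None) -> Optional[Tuple[str, str]]:
        """Exchange a refresh token for a new (access, refresh) pair; None means re-authenticate."""
        now = int(time.time()) if now is None else now
        rec = self._tokens.get(hashlib.sha256(presented.encode()).hexdigest())
        if rec is None or rec["exp"] <= now or rec["family"] in self._revoked_families:
            return None
        if rec["used"]:
            # Reuse detection: either a thief or the real client holds a stale copy. Neither can be
            # trusted any more, so kill the whole family and force a fresh login.
            self._revoked_families.add(rec["family"])
            return None
        rec["used"] = True
        # The rotated token inherits the family's absolute expiry so a session cannot live forever.
        new_refresh, _ = self.issue(rec["sub"], rec["family"], ttl=rec["exp"] - now, now=now)
        return mint_access_token(rec["sub"], now=now), new_refresh

    def revoke_family(self, family: str) -> None:
        """Logout or administrative revocation: every refresh token of the session stops working."""
        self._revoked_families.add(family)
```

On the client-side question in the post: with this design the refresh token never needs to be readable by JavaScript, so a browser client can keep it in an `HttpOnly; Secure; SameSite=Strict` cookie scoped by `Path` to the refresh endpoint, while the short-lived access token lives in memory and is simply re-fetched on a 401. The `exp` on the access token is the only thing checked on ordinary requests, so no database lookup is needed there; revocation latency is bounded by the access TTL, which is why it is kept to minutes.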