
What is a refresh token and why is it used with access tokens?

Sample answer preview

A refresh token is a long-lived token used to obtain new access tokens without requiring the user to log in again. The problem it solves is this. Access tokens should be short-lived, fifteen minutes to an hour, to limit damage if a token is compromised.

access token, refresh token, rotation, revocation, HttpOnly, expiration
