Hello! Nice to meet you guys. I was reading this article from 2020 https://supertokens.com/blog/are-...

mihaiandrei

08/02/2023, 8:22 PM

Hello! Nice to meet you guys. I was reading this article from 2020 https://supertokens.com/blog/are-you-using-jwts-for-user-sessions-in-the-correct-way and started the demo with react + python and I can say, really great job guys 😄 This is the first time i have such a good experience seeing how it works in 60 seconds. However, I have a question regarding the refresh token. The access token is a JWT. The refresh token is just a random string encrypted and saved in the session in db?

rp_st

08/03/2023, 3:46 AM

Hey @mihaiandrei that is correct.

rp_st

08/03/2023, 3:51 AM

Also, appreciate the kind words 🙂

mihaiandrei

08/03/2023, 6:55 AM

Thank you! And, the refresh token is saved in the db encrypted? Or is it encrypted only in the access_token 😄

rp_st

08/03/2023, 6:57 AM

it's hashed in the db

mihaiandrei

08/03/2023, 7:16 AM

Thank you

mihaiandrei

08/03/2023, 8:44 AM

@rp_st sorry to bother again. In order for the auth flow to work, we need to deploy both backend and frontend to the same domain right? - by using nginx or something - by serving frontend from the backend

rp_st

08/03/2023, 8:45 AM

not necessarirly on the same domain

rp_st

08/03/2023, 8:45 AM

they can be on different sub domains as well.

mihaiandrei

08/03/2023, 8:45 AM

Oh, because the cookie is "lax" right?

rp_st

08/03/2023, 8:45 AM

yea

mihaiandrei

08/03/2023, 8:46 AM

Thank you!

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).