Hi, you described that using your access token is ...
# support-questions-legacyi
IaS1506
08/30/2022, 2:29 PMHi, you described that using your access token is more secure than JWT. But on your site not so many reasons why and its a problem. So can you write a bit more detailed comparison between your access token and JWT?
r
rp_st
08/30/2022, 2:30 PMHey!
Cause:
- The access token is not exposed to the frontend.
- The signing keys of the access token auto change.
i
IaS1506
08/30/2022, 2:32 PMhmm, don't understand clear
r
rp_st
08/30/2022, 2:32 PMI'm not sure how to explain it better
rp_st
08/30/2022, 2:32 PMDo you have any more specific questions?
i
IaS1506
08/30/2022, 2:39 PMI want to use JWT instead of access tokens. I see it more simple way. To be sure I go to supertokens site with comparison of this and wrote you, bc didnt find enough information. So you wrote me about signing keys is auto change - its good but i dont understand what is changed from JWT? And you wrote that access token is not exposed to backend, for the first seeing this message its like a disadvantage... And there is only two reasons of using access tokens instead of JWT - wow, ''it's way more secure'', seriously....
r
rp_st
08/30/2022, 2:40 PMCheck this out please: https://supertokens.com/blog/are-you-using-jwts-for-user-sessions-in-the-correct-way
rp_st
08/30/2022, 2:40 PMit has info about why you shoudln;t use just a JWT for sessions
rp_st
08/30/2022, 2:41 PMAnd using a combination of JWT + refresh tokens (which we do) is much better
rp_st
08/30/2022, 2:41 PMSo it's not really about access token vs JWT. It's more about access + refresh token vs just a JWT.
i
IaS1506
08/30/2022, 2:46 PMOk, now its clear, thank you and sorry, if i were so rude
r
rp_st
08/30/2022, 2:47 PMno worries.. sorry if i seemed dismissive. That wasn't my intention 😅
rp_st
08/30/2022, 2:47 PMwhat i had actually meant to ask was can you rephrase your question. haha
rp_st
08/30/2022, 2:47 PMbut either way. Happy that the article was helpful 🙂
2 Views