Although JWT is marketed as a stateless, database‑free authentication method, real‑world applications often store token identifiers in Redis to handle logout, password changes, and token renewal, which reintroduces state and a database lookup.
The article explains JWT fundamentals, why pure stateless tokens cannot be revoked, compares blacklist and whitelist Redis strategies, discusses token renewal with double‑token design, and shows how to articulate the right answer in an interview.
Token expiration can be handled with three main strategies—frontend‑driven periodic refresh, backend sliding‑window renewal, and the industry‑standard double‑token (access + refresh) scheme—each balancing implementation simplicity, user experience, and security, with the double‑token approach offering the most robust solution.
This article explains the double token (Access Token + Refresh Token) authentication model, compares it with single‑token approaches, outlines production‑grade security measures, recommends token lifetimes, and provides a complete Java Spring Boot implementation with code examples.
This article explains the roles of access and refresh tokens, their lifecycle, and the step‑by‑step process by which a client obtains, uses, and renews tokens to maintain seamless authentication while enhancing security.
This article explains the double token (Access and Refresh) authentication mechanism, detailing its core principles, security benefits, and step‑by‑step implementation with Express on the backend and Vue on the frontend, including token issuance, verification, rotation, middleware, and client‑side handling.
This guide shows how to integrate Spring Security 6 and OAuth2 in Spring Boot 3.x to implement three token renewal strategies—refresh tokens, sliding expiration, and silent renewal—while adding production‑grade security features such as Redis blacklisting and configurable thresholds.
This guide explains how to secure FastAPI applications using OAuth2 with JWT, role‑based access control, refresh‑token workflows, multi‑factor authentication, and integration with external providers such as Auth0, Keycloak, and Firebase.
This guide explains the JWT standard, its three‑part structure, the authentication flow, and a double‑token solution using short‑lived access tokens and long‑lived refresh tokens, with full PHP code examples, middleware interception, configuration, and client‑side renewal logic.
This article provides a comprehensive introduction to the OAuth 2.0 protocol, covering its core concepts, authorization flow, four grant types (authorization code, implicit, resource owner password credentials, client credentials), request and response parameters, token handling, and practical examples with code snippets.
This article provides a comprehensive introduction to the OAuth 2.0 protocol, explaining its core concepts, the roles of resource owner, client, authorization server and resource server, and detailing the four grant types—authorization code, implicit, resource‑owner password credentials, and client credentials—along with token request/response formats and refresh token usage.
This article explains the OAuth 2.0 protocol, describes its four grant types, focuses on the Authorization Code and Implicit flows, outlines the involved roles, token types, client registration steps, and provides detailed request‑response examples for both grant types.
This article explains why JWT has become the preferred method for session management in modern RESTful and SPA architectures, detailing the roles, lifecycles, and implementation steps of access_token and refresh_token, and providing concrete API examples for login and token renewal.
This article explains the OAuth protocol, its role in providing secure third‑party access to user resources, describes the overall authorization architecture, outlines the involved parties and step‑by‑step flow, and details the four main grant types along with token refresh mechanisms.
