Hello, I have a question regarding JWT. I am using magic link login and see that every time I refresh the page after logging in, the access token changes. Is this right? I thought the access token was supposed to remain the same for 15 minutes, then if the user is still active, the refresh token regenerates the access token. Am I thinking of this wrong? Right now it feels like once I log in, I never get logged out and have unlimited access. Any help is appreciated, thanks.
Last active 3 months ago
3 replies
13 views
- DR
Hello, I have a question regarding JWT. I am using magic link login and see that every time I refresh the page after logging in, the access token changes. Is this right? I thought the access token was supposed to remain the same for 15 minutes, then if the user is still active, the refresh token regenerates the access token. Am I thinking of this wrong? Right now it feels like once I log in, I never get logged out and have unlimited access. Any help is appreciated, thanks.
- EL
The access token is saved in memory, so when you refresh the page it is deleted. Only the refresh token remains. So, when you refresh the page Nhost is using the refresh token to get a new access token.
- EL
> Right now it feels like once I log in, I never get logged out and have unlimited access.
Once you're signed in, you're signed in yes. Not sure what you mean with "unlimited access"?
Last active 3 months ago
3 replies
13 views