why we need them ?
When we try to access to a server like facebook or twitter , first we have to login or signup and for that we have to give them our username or password. In early times users have to login every time they visit such websites but with access and refresh token users don't have to go through the long process.
Basic definition of Access & Refresh Tokens
Let's start with an example of a music event. First to enter a music event we need tickets. So, you bought a ticket from the organizer but when you reached the event destination, the guard gave you a stamp on your hand after showing the ticket of the music event and after getting the stamp now you can enter the event. After sometime the organizer committee again came to you to see your stamp but because of sweat your stamp got erased. So you showed them your ticket and they gave you another stamp on your hand. Now the ticket is your refresh token and the stamp is your access token.
Access Tokens are temporary access to resources like websites or apis and it has validity of few times (because the longer validity -> security issue)
Refresh Tokens are used to to get your access token when they expire so the validity of refresh Token is higher than access token.
My above writings are just only the 0.000001% of the topic of an iceberg. For more information you can refer to the video of chai aur code .
Connect with Me! ๐
๐ Hashnode
๐ฆ Twitter
๐ผ LinkedIn
๐ป GitHub
๐animesh
Thank you