Refresh Tokens & Access Tokens

Hi all,

Does anyone know if refresh tokens are part of xano? I’ve just learned about the potential security pitfall of passing an access token again and again.

Thanks!

hi @flexkiran - No we don’t use refresh tokens - we use JWE tokens with a defined expiration (meaning you can define how long it lasts in the Create Auth token function), after that expiration the user needs to get a new token.

Thanks for the info @michael. Is implementing refresh token functionality in your roadmap?