This Express app shows a simple login route that issues access and refresh tokens. The /token route accepts a refresh token and returns a new access token if the refresh token is valid and stored.
import express from 'express';
import jwt from 'jsonwebtoken';
const app = express();
app.use(express.json());
const ACCESS_TOKEN_SECRET = 'access-secret-example';
const REFRESH_TOKEN_SECRET = 'refresh-secret-example';
let refreshTokens = [];
app.post('/login', (req, res) => {
// In real app, validate user credentials here
const user = { name: req.body.name };
const accessToken = jwt.sign(user, ACCESS_TOKEN_SECRET, { expiresIn: '15m' });
const refreshToken = jwt.sign(user, REFRESH_TOKEN_SECRET);
refreshTokens.push(refreshToken);
res.json({ accessToken, refreshToken });
});
app.post('/token', (req, res) => {
const refreshToken = req.body.token;
if (!refreshToken) return res.sendStatus(401);
if (!refreshTokens.includes(refreshToken)) return res.sendStatus(403);
jwt.verify(refreshToken, REFRESH_TOKEN_SECRET, (err, user) => {
if (err) return res.sendStatus(403);
const accessToken = jwt.sign({ name: user.name }, ACCESS_TOKEN_SECRET, { expiresIn: '15m' });
res.json({ accessToken });
});
});
app.listen(3000, () => console.log('Server running on port 3000'));
Recommended