Difficulty: hard · Application · Q15 of Q15
Rest API - Authentication and Authorization
You want to implement a token refresh endpoint that rejects refresh tokens if they are expired or revoked. Which approach best ensures security and proper token refresh?
A. Store refresh tokens with expiration and revocation status; verify both before issuing new access tokens
B. Accept any refresh token and always issue a new access token
C. Only check if the refresh token exists in the database, ignore expiration
D. Issue new access tokens without any refresh token verification
Step-by-Step Solution
Solution:
  1. Step 1: Understand security needs for refresh tokens

    Refresh tokens must be checked for expiration and revocation to prevent misuse and unauthorized access.
  2. Step 2: Evaluate options for token verification

    Option A (store refresh tokens with expiration and revocation status; verify both before issuing new access tokens) includes both the expiration check and the revocation check, so only tokens that are still valid and still trusted get new access tokens. The other options each skip at least one of these checks.
  3. Final Answer:

    Store refresh tokens with expiration and revocation status; verify both before issuing new access tokens -> Option A
  4. Quick Check:

    Verify expiration and revocation for security [OK]
Quick Trick: Check expiration and revocation before refresh [OK]
Common Mistakes:
  • Ignoring token expiration
  • Not checking if token is revoked
  • Issuing tokens without verification
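The approach in Option A as an added example (not code from the original quiz): a constructed in-memory store that keeps each refresh token's expiry and revocation flag and refuses to mint an access token unless both checks pass. It goes one step further than the answer by rotating the refresh token on every successful use, so a replay of an already-used token is rejected as revoked; the database, token format and TTL values are assumptions.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class RefreshRecord:
    expires_at: float   # Unix timestamp after which the token is no longer accepted
    revoked: bool = False


class RefreshTokenStore:
    """Constructed in-memory store; a real service would back this with a database."""

    def __init__(self) -> None:
        self._records: dict[str, RefreshRecord] = {}

    @staticmethod
    def _key(token: str) -> str:
        # Keep only a hash at rest so a leaked store does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_refresh_token(self, ttl_seconds: int, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._records[self._key(token)] = RefreshRecord(expires_at=now + ttl_seconds)
        return token

    def revoke(self, token: str) -> None:
        record = self._records.get(self._key(token))
        if record is not None:
            record.revoked = True

    def refresh(self, token: str, ttl_seconds: int, now: Optional[float] = None) -> tuple:
        """Return (access_token, new_refresh_token), or raise PermissionError."""
        now = time.time() if now is None else now
        record = self._records.get(self._key(token))
        if record is None:
            raise PermissionError("unknown refresh token")
        if record.revoked:
            raise PermissionError("refresh token revoked")
        if now >= record.expires_at:
            raise PermissionError("refresh token expired")
        # Rotate on use: retire the presented token so a replay is rejected as revoked.
        record.revoked = True
        new_refresh = self.issue_refresh_token(ttl_seconds, now)
        access_token = secrets.token_urlsafe(32)  # stand-in for a signed access token
        return access_token, new_refresh
```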
