Creates a long-lived JWT refresh token used to generate new access tokens without
requiring user re-authentication. The token is signed with a separate JWT_REFRESH_SECRET
for additional security and has a longer expiration time (default 7 days).
Refresh tokens are stored securely by clients and used only for token renewal operations.
They contain the same user information as access tokens but are designed for less
frequent use and longer validity periods to balance security with user experience.
// Refresh token usage in token renewal
// Client sends refresh token to /auth/refresh endpoint
// Server verifies refresh token and generates new token pair
// Old refresh token can be revoked for security
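The renewal flow outlined in the comments above, as an added example that is not the project's own code: HS256 tokens built with Node's `crypto` only, a separate refresh secret, and one-time-use rotation. The function names, the `JWT_SECRET` variable, the fallback secrets, the 15-minute access lifetime, the claim names and the in-memory revocation set are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumptions: env var names other than JWT_REFRESH_SECRET, the fallback secrets
// (constructed demo values), the 15-minute access TTL and all function names.
const ACCESS_SECRET = process.env.JWT_SECRET || 'constructed-demo-access-secret';
const REFRESH_SECRET = process.env.JWT_REFRESH_SECRET || 'constructed-demo-refresh-secret';
const ACCESS_TTL = 15 * 60;
const REFRESH_TTL = 7 * 24 * 60 * 60; // 7 days, the default the page states
const revokedJti = new Set(); // in-memory stand-in for a shared revocation store

const b64u = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

function sign(claims, secret, ttl, now) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttl }));
  return `${head}.${body}.${b64u(hmac(`${head}.${body}`, secret))}`;
}

function verify(token, secret, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') throw new Error('unexpected alg');
  const claims = JSON.parse(Buffer.from(body, 'base64url'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

function generateRefreshToken(user, now = Math.floor(Date.now() / 1000)) {
  const claims = { sub: user.id, email: user.email, type: 'refresh', jti: crypto.randomUUID() };
  return sign(claims, REFRESH_SECRET, REFRESH_TTL, now);
}

// What a /auth/refresh handler would call: verify, revoke the old token, issue a new pair.
function refresh(oldToken, now = Math.floor(Date.now() / 1000)) {
  const c = verify(oldToken, REFRESH_SECRET, now);
  if (c.type !== 'refresh') throw new Error('not a refresh token');
  if (revokedJti.has(c.jti)) throw new Error('refresh token revoked');
  revokedJti.add(c.jti); // one-time use: a replayed token is rejected
  const accessToken = sign({ sub: c.sub, email: c.email, type: 'access' }, ACCESS_SECRET, ACCESS_TTL, now);
  return { accessToken, refreshToken: generateRefreshToken({ id: c.sub, email: c.email }, now) };
}
```

Because the two token types use different secrets, an access token presented to `refresh` fails signature verification before its claims are ever read, and a refresh token is useless against access-token checks.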
Generate JWT refresh token for token renewal