Need Help: Login with Access & Refresh Tokens (React + Next.js / Node.js + Express)
Unanswered
New Zealand posted this in #help-forum
New Zealand (OP)
Hi!
I’m building a login system using React + Next.js on the frontend and Node.js + Express on the backend. I want to implement JWT authentication with access tokens and refresh tokens, but I’m a bit confused about the best way to handle it.
What I’m trying to do:
- After login, return an access token (short-lived) and refresh token (long-lived)
- Store them securely on the client
- Auto-refresh the access token when it expires
- Protect frontend and backend routes
- Handle logout properly
If anyone has tips, examples, or best practices on how to manage this flow securely, I’d really appreciate it. Thanks!
1 Reply
@New Zealand
the only best practice I would suggest is to verify the user token in both the middleware and the page the user is accessing