Token-based authentication is a protocol that generates encrypted security tokens. It enables users to verify their identity to websites, which then generates a unique encrypted authentication token.
Client application first sends a request to Authentication server with valid credentials.
The Authentication server/ Web API sends an Access token to the client as a response.
In next request, the client uses the same token to access the restricted resources until the token is valid or not expired.
If the Access token is expired, then the client application can request for a new access token by using Refresh token.
Tags:
Authentication & JWT