Enhancing Double Token Mechanism for Seamless Refresh

The article addresses the issue of simultaneous token expiration in double token systems, which can disrupt user experience.

The double token mechanism (a short-lived access token paired with a longer-lived refresh token) has become standard practice for authenticating calls to web service APIs. In practice, however, it can cause problems that degrade the user experience. This article describes how to optimize the token refresh process so that the user can keep working uninterrupted while the system stays secure.

Problem Overview

In the double token mechanism, the access token is used for short-term access, and the refresh token is used for long-term authorization. When the access token expires, the system attempts to use the refresh token to obtain a new access token. However, if the refresh token also expires, the user will face the inconvenience of having to re-authenticate, which is particularly frustrating when the user is in the middle of an important operation.

Solution

Step One: Synchronize Refresh Token Updates

To avoid both tokens expiring at the same time, issue a new refresh token whenever the access token is refreshed. That way, even when the new access token expires, the user can continue seamlessly by presenting the new refresh token, whose lifetime started at the most recent refresh rather than at login.

Step Two: Set Token Expiry Times Reasonably

The expiry time of the refresh token must be set according to the service's actual requirements. If users should be able to keep working without logging in again for an extended period, give the refresh token a longer lifetime. If only a seamless experience within a single session matters, give the refresh token a shorter lifetime to reduce the window in which a leaked token remains usable.
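Both steps together, as an added Python sketch that is not code from the article: an in-memory issuer that hands out a new refresh token on every refresh (Step One) and keeps the two lifetimes as configurable constants (Step Two). The names TokenService and TokenPair, the sample lifetimes and the injectable clock are assumptions; treating the presented refresh token as single-use is likewise an assumption added here.

```python
import secrets
import time
from dataclasses import dataclass

# Lifetimes are constructed sample values, not settings from the article.
ACCESS_TTL = 15 * 60            # access token: 15 minutes
REFRESH_TTL = 7 * 24 * 60 * 60  # refresh token: 7 days


@dataclass
class TokenPair:
    access_token: str
    refresh_token: str
    access_expires_at: float
    refresh_expires_at: float


class TokenService:
    """In-memory issuer: every refresh hands out a new refresh token."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so a test can move time forward
        self._access = {}     # access token  -> (user, expires_at)
        self._refresh = {}    # refresh token -> (user, expires_at)

    def login(self, user):
        return self._issue(user)

    def _issue(self, user):
        now = self._clock()
        pair = TokenPair(secrets.token_urlsafe(32), secrets.token_urlsafe(32),
                         now + ACCESS_TTL, now + REFRESH_TTL)
        self._access[pair.access_token] = (user, pair.access_expires_at)
        self._refresh[pair.refresh_token] = (user, pair.refresh_expires_at)
        return pair

    def authenticate(self, access_token):
        """User for a live access token, or None once it has expired."""
        entry = self._access.get(access_token)
        if entry is None or entry[1] <= self._clock():
            return None
        return entry[0]

    def refresh(self, refresh_token):
        """Swap a live refresh token for a new pair. None means the refresh token
        is unknown or expired and the user must log in again. The token presented
        is consumed (single use): an added assumption, not stated in the article."""
        entry = self._refresh.pop(refresh_token, None)
        if entry is None or entry[1] <= self._clock():
            return None
        return self._issue(entry[0])
```

Because each refresh restarts the refresh token's lifetime, a user who refreshes at least once every REFRESH_TTL is never forced back to the login page; the old refresh token no longer works after it has been exchanged.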

Implementation Suggestions

  • When designing the token refresh strategy, balance user experience and system security.
  • Adjust the token expiry time settings according to the specific needs of the service.
  • Refer to the relevant specifications of RFC 6749 to ensure that the implementation of the token refresh process complies with industry standards.

With these measures, we can effectively keep the user's session continuous while maintaining the security of the system.


Reference:
RFC 6749 - The OAuth 2.0 Authorization Framework