For the sake of security, we often set an expiration time for our tokens (
flask-jwt-extended defaults that to 15 minutes). Because a token will expire, we need a function to refresh it without users putting in their credentials again.
Flask-JWT-Extended provides refresh-token-related functions. A refresh token is a long-lived token that can be used to generate new access tokens. Please don't mix up refresh tokens and access tokens. A refresh token can only be used to obtain a new access token; it cannot be used as an access token to access restricted endpoints. For example, endpoints that have the
jwt_optional() decorators need an access token.
Here's a brief explanation of the refresh-token-related functions in Flask-JWT-Extended:
create_access_token: This function creates a new access token.
create_refresh_token: This function creates a refresh token.
jwt_refresh_token_required: This is a decorator specifying that the...