<h3 id="heading-access-token"><strong>Access Token:</strong></h3>
<ul>
<li><p><strong>Function:</strong> Grants access to specific resources on a server. Think of it like a key for a specific door.</p>
</li>
<li><p><strong>Lifetime:</strong> Short-lived, typically expiring in minutes or hours. However, the exact duration can vary depending on the application and its security needs. In some cases, it might be a day or two, while others might use shorter windows of just a few hours. This short validity period enhances security by limiting the potential damage if an access token is compromised.</p>
</li>
<li><p><strong>Storage:</strong> Placed within the application or browser</p>
</li>
</ul>
<h3 id="heading-refresh-token">Refresh Token:</h3>
<ul>
<li><p><strong>Function:</strong> Used to acquire new access tokens once the original access token expires. Imagine it like a keycard to get new building keys.</p>
</li>
<li><p><strong>Lifetime:</strong> Long-lived, lasting days, weeks or even months. They are stored securely as they can be used to generate new access tokens.</p>
</li>
<li><p><strong>Storage:</strong> Secured on the authorization server, not accessible by the application or user directly.</p>
</li>
</ul>
<p>Watch this amazing explanation from Hitesh Choudhary sir on Chai aur Code Youtube channel.</p>
<div class="embed-wrapper"><div class="embed-loading"><div class="loadingRow"></div><div class="loadingRow"></div></div><a class="embed-card" href="https://youtu.be/L2_gIrDxCes?si=T9-O58YRuKv_p8t3">https://youtu.be/L2_gIrDxCes?si=T9-O58YRuKv_p8t3</a></div>


### **Access Token:**

* **Function:** Grants access to specific resources on a server. Think of it like a key for a specific door.
    
* **Lifetime:** Short-lived, typically expiring in minutes or hours. However, the exact duration can vary depending on the application and its security needs. In some cases, it might be a day or two, while others might use shorter windows of just a few hours. This short validity period enhances security by limiting the potential damage if an access token is compromised.
    
* **Storage:** Placed within the application or browser
    

### Refresh Token:

* **Function:** Used to acquire new access tokens once the original access token expires. Imagine it like a keycard to get new building keys.
    
* **Lifetime:** Long-lived, lasting days, weeks or even months. They are stored securely as they can be used to generate new access tokens.
    
* **Storage:** Secured on the authorization server, not accessible by the application or user directly.
    

Watch this amazing explanation from Hitesh Choudhary sir on Chai aur Code Youtube channel.

%[https://youtu.be/L2_gIrDxCes?si=T9-O58YRuKv_p8t3]

This guide explains how access tokens (short-lived keys) grant controlled access, while refresh tokens (like keycards) provide new access tokens.

Asmit's blog

Asmit's blog

What is the difference between Access and Refresh Token?

Access Token:

Refresh Token: