Refresh & Access Token

Understand Refresh & Access Token in just 1 minute

Before understanding what refresh and access tokens are, we must first understand why we need them and what they are for.

  • A refresh token is a JSON Web Token used to generate more access tokens.

  • Access tokens are used to access a particular piece of information without passing credentials again.

  • For example: we sign up on a website. After the initial authentication we don't want to pass our credentials again and again every time we refresh or revisit the site. This is where the access token comes to the rescue.

  • Access tokens are valid only for a certain interval of time and are needed to access a resource. If you have already generated an access token, the next time you visit the website it will decrypt the access token, extract the valid info from the database, and return it to you.

  • After the access token has expired, the refresh token is used to generate another access token. When you register or log in on a website, both a refresh token and an access token are generated, and the refresh token's life span is greater than the access token's.

  • The refresh token must be stored in local/session storage, or you can pass it in headers to a particular endpoint to generate a new access token.

  • An access token is necessary in order to remain authorized even if you reload the website or exit it.
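
The lifecycle described in the list above, as an added example that is not part of the original article: login issues both tokens, the short-lived access token is checked on each request, and the longer-lived refresh token is exchanged for a new access token. The HS256 signing, the secret, the lifetimes, the `kind` claim and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"                # constructed key, example only
ACCESS_TTL, REFRESH_TTL = 15 * 60, 7 * 24 * 3600   # assumed lifetimes in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(header: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue(sub, kind, ttl, now=None):
    """Build a signed JWT carrying the subject, token kind and expiry."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "kind": kind, "exp": now + ttl}).encode())
    return f"{header}.{body}.{_b64(_sign(header, body))}"

def verify(token, kind, now=None):
    """Return the claims only if signature, token kind and expiry all pass."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        # Constant-time comparison; the claims are parsed only after it passes.
        if not hmac.compare_digest(_sign(header, body), _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except ValueError as exc:
        raise PermissionError(f"invalid token: {exc}") from None
    if claims.get("kind") != kind:
        raise PermissionError("wrong token kind")  # refresh token sent as access
    if now >= claims.get("exp", 0):
        raise PermissionError("token expired")
    return claims

def login(user, now=None):
    """Credential check omitted; on success both tokens are issued."""
    return (issue(user, "access", ACCESS_TTL, now),
            issue(user, "refresh", REFRESH_TTL, now))

def refresh(refresh_token, now=None):
    """Exchange a still-valid refresh token for a new access token."""
    claims = verify(refresh_token, "refresh", now)
    return issue(claims["sub"], "access", ACCESS_TTL, now)
```

Checking the token kind in `verify` keeps a refresh token from being accepted where an access token is expected, and the reverse.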