JWT Refresh Flow Simulator

A visual educational tool for understanding how access and refresh tokens work together to maintain secure sessions without repeated logins.

How the Flow Works

1. Authenticate

The user logs in. The server returns a short-lived Access Token and a long-lived Refresh Token.

2. Access Resource

Client uses Access Token for API calls. If it's expired, the server returns a 401 Unauthorized error.

3. Silent Refresh

On a 401, the client sends the Refresh Token to get a new Access Token. The process is invisible to the user.
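
The three steps above as runnable Node.js, added here as an example and not the simulator's own code: an in-memory server issues an HS256-signed access token and an opaque refresh token, and the client retries once after a silent refresh. The 60-second and one-hour lifetimes, the HS256 signing, the server-side refresh store, the injected `clock` object and all function names are assumptions.

```javascript
// Added example: constructed in-memory server and client; all names are hypothetical.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');
const SECRET = randomBytes(32);             // constructed demo signing key
const ACCESS_TTL = 60, REFRESH_TTL = 3600;  // assumed lifetimes, in seconds
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const seal = (body) => `${body}.${createHmac('sha256', SECRET).update(body).digest('base64url')}`;
const signJwt = (claims) => seal(`${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(claims)}`);
function verifyJwt(token, now) {
  const [h, p] = String(token).split('.');
  // Recompute header.payload.signature and compare with the presented token.
  const want = Buffer.from(seal(`${h}.${p}`)), got = Buffer.from(String(token));
  if (want.length !== got.length || !timingSafeEqual(want, got)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  return claims.exp > now ? claims : null;  // expired token is rejected
}
function makeServer(clock) {
  const refreshStore = new Map();           // refresh token -> { sub, exp }
  const issueAccess = (sub) => signJwt({ sub, exp: clock.now + ACCESS_TTL });
  return {
    login(sub) {                            // step 1 (credential check omitted)
      const refreshToken = randomBytes(32).toString('base64url');
      refreshStore.set(refreshToken, { sub, exp: clock.now + REFRESH_TTL });
      return { accessToken: issueAccess(sub), refreshToken };
    },
    resource(accessToken) {                 // step 2: 401 on invalid or expired token
      const claims = verifyJwt(accessToken, clock.now);
      return claims ? { status: 200, body: `hello ${claims.sub}` } : { status: 401 };
    },
    refresh(refreshToken) {                 // step 3: refresh token checked server-side
      const rec = refreshStore.get(refreshToken);
      const ok = rec && rec.exp > clock.now;
      return ok ? { status: 200, accessToken: issueAccess(rec.sub) } : { status: 401 };
    },
  };
}
function makeClient(server) {
  let tokens = null;
  const log = [];
  return { log,
    login(sub) { tokens = server.login(sub); log.push('login'); },
    get() {
      const res = server.resource(tokens?.accessToken);
      if (res.status !== 401) return res;
      const r = server.refresh(tokens?.refreshToken);   // silent refresh on 401
      if (r.status !== 200) { tokens = null; log.push('reauth-required'); return res; }
      tokens.accessToken = r.accessToken; log.push('refreshed');
      return server.resource(tokens.accessToken);       // retry exactly once
    },
  };
}
```

Once the refresh token has expired as well, `get()` returns the 401 to the caller and clears the stored tokens, which is the point where the user has to log in again.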