In this article, we will learn how to generate and use a refresh token in a .NET6 Web API application. Click here to understand the implementation of the JWT token in .NET6 Web API.

Refresh Token:

When the JWT access token expires, we use the refresh token to renew it without asking for the user's credentials again. Let's understand the flow of the refresh token.

- The user sends a valid 'User Name' and 'Password' to the server; the server then generates a JWT Access Token and a Refresh Token and sends them in the response.
- The JWT Access Token is a short-lived token (e.g. 20 minutes) and the Refresh Token is a long-lived token (e.g. 7 days).
- The client application now sends the JWT access token in the request header, which authenticates the user.
- If the JWT token has expired, the server returns a 401 Unauthorized response.
- The client then sends the refresh token to the server to regenerate the JWT Access Token.
- The server validates the refresh token and returns a new JWT Access Token and a new Refresh Token as a r
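
The server-side half of the flow above (validate the refresh token, then return a new one) is sketched below as an added example; it is not code from the article. `RefreshTokenStore`, `TryRotate`, the in-memory dictionary, the choice to store only a SHA-256 hash of each token, and the single-use behaviour are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical in-memory store (an assumption); a real API would persist these records.
public sealed class RefreshTokenStore
{
    private sealed record Entry(string UserName, DateTime ExpiresUtc);
    // Keyed by the SHA-256 hash of the token, so the store never holds a usable token.
    private readonly ConcurrentDictionary<string, Entry> _entries = new();
    private readonly TimeSpan _lifetime;
    public RefreshTokenStore(TimeSpan lifetime) => _lifetime = lifetime;

    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    // Called after a successful login and again on every successful refresh.
    public string Issue(string userName, DateTime nowUtc)
    {
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(64));
        _entries[Hash(token)] = new Entry(userName, nowUtc + _lifetime);
        return token;
    }

    // Validates the presented token, consumes it, and hands back its replacement.
    // Unknown, already used, and expired tokens are all rejected.
    public bool TryRotate(string presented, DateTime nowUtc, out string userName, out string newToken)
    {
        userName = newToken = string.Empty;
        // TryRemove is atomic: two concurrent requests with the same token cannot both succeed.
        if (!_entries.TryRemove(Hash(presented), out var entry)) return false;
        if (entry.ExpiresUtc <= nowUtc) return false;
        userName = entry.UserName;
        newToken = Issue(entry.UserName, nowUtc);
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new RefreshTokenStore(TimeSpan.FromDays(7)); // 7 days, as in the article's example
        DateTime now = DateTime.UtcNow;
        string first = store.Issue("alice", now);                // constructed user name
        Console.WriteLine(store.TryRotate(first, now.AddMinutes(20), out _, out string second)); // first refresh
        Console.WriteLine(store.TryRotate(first, now.AddMinutes(21), out _, out _));  // replay of the consumed token
        Console.WriteLine(store.TryRotate(second, now.AddDays(8), out _, out _));     // presented after expiry
    }
}
```

When `TryRotate` succeeds, the API would also generate a fresh JWT access token for `userName` and return both tokens; when it fails, the client has to log in again with credentials.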