In Part-1 we completed the implementation of authentication in a NestJS application by creating the user access token. Now we are going to explore the implementation of the refresh token. We will continue to work on the sample app we used in Part-1.

Refresh Token Flow:

A refresh token is a random string key that is created along with the JWT access token and returned to a valid client on successful login. All subsequent requests use the access token, but the access token is short-lived, whereas the refresh token lives longer than the access token.

When the access token expires, the user, instead of authenticating again by passing the user name and password, can send the refresh token. On receiving a refresh token, the server first validates it against the storage (database, cache, etc.). For a valid refresh token, the server will create a new access token and refresh token (as it does when authenticating with user name and password) return it
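
The flow described above, as an added sketch that is not code from this post or from the sample app. The names `RefreshTokenService` and `signAccessToken`, the in-memory `Map` standing in for the database or cache, storing only a SHA-256 digest of the token, and retiring a token after one use are assumptions of this example.

```typescript
import { createHash, randomBytes } from "crypto";

// Assumed record shape; the post only says the token is validated against storage.
interface StoredToken { userId: string; expiresAt: number; }
interface TokenPair { accessToken: string; refreshToken: string; }

// Only a digest is stored, so a leaked store does not expose usable refresh tokens.
const digest = (token: string): string =>
  createHash("sha256").update(token).digest("hex");

class RefreshTokenService {
  private store = new Map<string, StoredToken>(); // stand-in for database or cache
  private signAccessToken: (userId: string) => string; // stand-in for the JWT signer
  private ttlMs: number;
  private now: () => number;

  constructor(
    signAccessToken: (userId: string) => string,
    ttlMs: number,
    now: () => number = Date.now,
  ) {
    this.signAccessToken = signAccessToken;
    this.ttlMs = ttlMs;
    this.now = now;
  }

  // Called after a successful user name and password login.
  issue(userId: string): TokenPair {
    const refreshToken = randomBytes(32).toString("hex"); // random string key
    const expiresAt = this.now() + this.ttlMs;
    this.store.set(digest(refreshToken), { userId, expiresAt });
    return { accessToken: this.signAccessToken(userId), refreshToken };
  }

  // Called when the client presents a refresh token instead of credentials.
  refresh(presented: string): TokenPair | null {
    const key = digest(presented);
    const record = this.store.get(key);
    if (!record) return null; // unknown, or already exchanged once
    this.store.delete(key); // the presented token is retired either way
    if (record.expiresAt <= this.now()) return null; // expired
    return this.issue(record.userId); // new access token and new refresh token
  }
}
```

Because the presented token is deleted before the new pair is issued, a second use of the same refresh token fails the storage lookup and the client has to log in again.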