Title: Refresh token? Last modified: January 10, 2020 --- # Refresh token? * [scmsteve](https://wordpress.org/support/users/scmsteve/) * (@scmsteve) * [6 years, 5 months ago](https://wordpress.org/support/topic/refresh-token-2/) * I am looking to set up JWT for REST API access and this is one of the plugins that offers it. I like that it also offers token management which a nice plus. There is a ton of other features in this plugin that I’m not sure I need right now, but definitely seems comprehensive. * From reading about how JWT works, though, I thought that when you authenticate you would receive two tokens: One to make requests with, and a second to request a new token when the first one expires. * However, I can’t find any information about this second token or endpoint to do this phasse… I am envisioning when a user would successfully authenticate, we could capture and store the access token, and the refresh/renewal token and store them in a secure vault. When they come back later, if their primary token had expired the system could use the renewal one to request a new token without the need for the user to log in again. * Is this possible with AAM? Viewing 1 replies (of 1 total) * [plusa2m](https://wordpress.org/support/users/plusa2m/) * (@plusa2m) * [5 years, 11 months ago](https://wordpress.org/support/topic/refresh-token-2/#post-13031486) * I’m interested in this topic too. The `refresh` functionality in AAM at the moment is actually refreshing the token by using the same token for authenticate, it’s quite different from a best practice of how JWT should be implemented, which is issue another token for refresh only when we a new token is issued. Viewing 1 replies (of 1 total) The topic ‘Refresh token?’ is closed to new replies. * ![](https://ps.w.org/advanced-access-manager/assets/icon-256x256.png?rev=3447421) * [Advanced Access Manager – Access Governance for WordPress](https://wordpress.org/plugins/advanced-access-manager/) * [Support Threads](https://wordpress.org/support/plugin/advanced-access-manager/) * [Active Topics](https://wordpress.org/support/plugin/advanced-access-manager/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/advanced-access-manager/unresolved/) * [Reviews](https://wordpress.org/support/plugin/advanced-access-manager/reviews/) ## Tags * [jwt](https://wordpress.org/support/topic-tag/jwt/) * [renewal](https://wordpress.org/support/topic-tag/renewal/) * [token](https://wordpress.org/support/topic-tag/token/) * 1 reply * 2 participants * Last reply from: [plusa2m](https://wordpress.org/support/users/plusa2m/) * Last activity: [5 years, 11 months ago](https://wordpress.org/support/topic/refresh-token-2/#post-13031486) * Status: not resolved