4Eki
Doesn’t JWT authentication need cookies?
I am a bit confused. Every tutorial I found for JWT authentication method mentions that the token produced shouldn't be valid for more that 5 minutes. Thats why the method should cowork with cookies (known as refresh-token in JWT). On the contrary every post I find here in stackOverflow they say that cookies don't work with mobile applications and that only a token should be used. So is a token that expires after a long time secure or not? Is there alternative to a cookie refresh-token?
