🔐 Refresh Token Flow Example (Ktor Server + Flutter Client)

This repository demonstrates a complete working example of handling access token refreshing in a client-server architecture using:

• Ktor as the backend server
• Flutter as the mobile client app

📌 Features

• 🧾 JWT-based authentication with access and refresh tokens
• ⏱ Access token expires in 1 minute (for testing)
• ♻️ Refresh token expires in 2 minutes
• 🔄 Automatic access token refresh when expired
• 🚪 Forced logout when refresh token is also expired

🛠️ Components

✅ Server (Ktor)

• Exposes endpoints for:

  • /auth/signup
  • /auth/login
  • /auth/refresh
  • /get_data?userId

• Generates JWTs using HMAC

• Stores refresh tokens and validates them during token refresh

📱 Client (Flutter)

• Stores tokens securely using flutter_secure_storage

• Intercepts HTTP 401 errors

  • Automatically retries the original request after refreshing the token
  • If refresh token is also expired, logs the user out

• Uses state management BLoC to manage state

🚀 How to Run

1. Start the Ktor Server

cd ktor-server
./gradlew run

2. Run the Flutter App

cd flutter-client
flutter run