Reputation: 21
Using JWT along with refresh tokens in Spring OAuth2
Consider we want to use JWT along with refresh tokens in Spring.
We have to use JWTTokenStore, right?
But if JWTTokenStore isn't a real database and doesn't store anything, where and how should we store refresh tokens?
(We prefer to store refresh tokens in database rather than store them in memory)
Upvotes: 2
Views: 1376
Answers (2)
Reputation: 1
I faced the same problem. The explanation for me is that the tokens was set in the cookies.(No sessions on client side). And I don't want that my refresh token be used like an access token. (Modifying the access token cookie with the value of the refresh token)
Upvotes: 0
Reputation: 58124
Refresh tokens are JWTs by default if the access tokens are. To change that you would have to modify the token services (possibly a custom TokenEnhancer would do it, and maybe also a custom TokenStore). Why not go with the default?
Upvotes: 1
Related Questions
- How to implement refresh token in Spring Boot
- How can I refresh tokens in Spring security
- How to get the refresh token in a spring OAuth2 client
- spring oauth2 how to get a new refresh token every time
- How to get Refresh Token in spring boot using JWT
- Java Spring JWT with refresh token workflow questions
- Refresh token not present in response
- Spring Security oauth2 with jwt, revocation of refresh token
- Spring OAuth2 refresh token to change after refreshing access token
- Spring OAuth2 Refresh token