bulforce

Reputation: 1071

Vert.X Inspect JWT token for expiration time

I have the following scenario: in my Vert.x application I have an endpoint /login that, after receiving correct credentials, issues a JWT with 30 minutes validity.

I use this token to protect all routes under /api/* endpoints.

All of this is working as expected.

My problem is that I want to be able to intercept those /api/* requests and, just before doing the token authentication, inspect the token and, if it is about to expire, generate a new one that can be returned in the headers of the response so the client can use it on subsequent requests.

What I want to achieve is:

  1. avoid issuing forever-valid tokens, as if leaked I have no way to prevent access to the application
  2. avoid maintaining a token blacklist of any kind
  3. avoid having to issue very short-lived tokens and reissue those on every request

In general any kind of strategy is welcome.

Thanks

Upvotes: 2

Views: 1926

Answers (1)

Paulo Lopes

Reputation: 5801

In order to handle a request before the JWT validation, all you need to do is add your custom handler before the Auth handler, e.g.:

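```java
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.handler.JWTAuthHandler;

Router router = Router.router(vertx);

// Create a JWT Auth Provider backed by a JCEKS keystore
JWTAuth jwt = JWTAuth.create(vertx, new JsonObject()
    .put("keyStore", new JsonObject()
        .put("type", "jceks")
        .put("path", "keystore.jceks")
        .put("password", "secret")));

// Registered first, so it runs before the JWT validation below
router.route("/api/*").handler(ctx -> {
  // here do what you're planning to achieve, and then call
  ctx.next();
});

// protect the API
router.route("/api/*").handler(JWTAuthHandler.create(jwt, "/api/newToken"));
```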

Upvotes: 3
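The renewal decision the question asks about, written as an added example in plain JDK Java (it is not code from the question or the answer). The `login_at` claim, the 5-minute renewal window and the 8-hour session cap are assumptions chosen for illustration; the payload is only decoded here, not signature-checked, so the result should be acted on only for a token the JWT auth handler has already accepted.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class TokenRenewalPolicy {
  // Assumed policy values, not taken from the page.
  static final long RENEW_WINDOW_SECONDS = 5 * 60;      // renew only in the last 5 minutes
  static final long MAX_SESSION_SECONDS = 8 * 60 * 60;  // hard cap counted from /login

  // Reads a numeric claim from the payload segment of a compact JWT.
  // This decodes only; it does NOT verify the signature.
  static long numericClaim(String token, String name) {
    String[] parts = token.split("\\.");
    if (parts.length != 3) throw new IllegalArgumentException("not a compact JWT");
    String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*(\\d+)").matcher(payload);
    if (!m.find()) throw new IllegalArgumentException("missing claim: " + name);
    return Long.parseLong(m.group(1));
  }

  // Renew only if the token is still valid, close to expiry, and the session
  // that started at login has not exceeded the hard cap. The cap keeps a
  // leaked token from being renewed indefinitely without a blacklist.
  static boolean shouldRenew(String token, long nowSeconds) {
    long exp = numericClaim(token, "exp");
    long loginAt = numericClaim(token, "login_at"); // hypothetical claim set once at /login
    boolean stillValid = nowSeconds < exp;
    boolean nearExpiry = exp - nowSeconds <= RENEW_WINDOW_SECONDS;
    boolean underCap = nowSeconds - loginAt < MAX_SESSION_SECONDS;
    return stillValid && nearExpiry && underCap;
  }

  // Builds a constructed, unsigned sample token for the demonstration.
  static String sampleToken(long loginAt, long exp) {
    Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
    String header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
    String payload = "{\"sub\":\"alice\",\"login_at\":" + loginAt + ",\"exp\":" + exp + "}";
    return enc.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
        + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".constructed-signature";
  }

  public static void main(String[] args) {
    long now = 1_700_000_000L; // constructed clock value
    System.out.println("near expiry:  " + shouldRenew(sampleToken(now - 1500, now + 300), now));
    System.out.println("fresh token:  " + shouldRenew(sampleToken(now - 60, now + 1740), now));
    System.out.println("past the cap: " + shouldRenew(sampleToken(now - 9 * 3600, now + 120), now));
  }
}
```

When a renewed token is issued, copying `login_at` unchanged from the old token is what makes the cap effective across renewals.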
