How to generate the access token in Spring

Question

How can I generate an access token in java spring?

I have tried to create an access token myself, but each time I need to do database operation that is taking a lot of time. Is there any easy way to generate access token?

Answer 1

If you adopt JWT as the format of access tokens, you may be able to avoid DB operations. However, it would be better to compare pros & cons of JWT-based access tokens and DB-based access tokens. Especially, note that there is no easy way to revoke JWT-based access tokens. In addition, it is impossible to change attributes of JWT-based access tokens once they are issued.

The following table excerpted from "7.1. Access Token Representation" in "Full-Scratch Implementor of OAuth and OpenID Connect Talks About Findings" lists characteristics of DB-based access tokens ("Random String" in the table) and JWT-based access tokens ("Self-Contained" in the table).

Answer 2

I'm assuming you mean you need to do database operations to validate the token.

You can use JWT and validate that without database queries. They have a java lib and you don't have to implement any of it.

Answer 3

You can use the jwt library. which will encode your data into 3 parts header, body payload and verified the signature.

https://jwt.io/

it is easy to encrypt and decrypt the token, you can able to find the jwt library for almost all languages.