Reputation: 59
How to implement refresh token in Spring Boot
I have followed this guide https://auth0.com/blog/implementing-jwt-authentication-on-spring-boot/ to implement access tokens in my web application and it is working fine. However, this guide does not mention anything about refresh token.
Can anyone help me out on how to implement this in Java Spring Boot? Or is there any other way to keep a user logged in?
Upvotes: 5
Views: 24445
Answers (1)
Reputation: 328
Spring provides the functionality for getting a new access token if you configured it correctly, i.e if authorizedGrantTypes contains "refresh_code".
You should use the refresh token to get a new access token by using the token endpoint like this:
curl -H "Authorization: Bearer [base64encode(clientId:clientSecret)]" "https://yourdomain.com/oauth/token?grant_type=refresh_token&refresh_token=[yourRefreshToken]"
example:
curl -X POST -H 'Authorization: Basic dGVzdGNsaWVudDpzZWNyZXQ=' -d 'refresh_token=fdb8fdbecf1d03ce5e6125c067733c0d51de209c&grant_type=refresh_token' localhost:3000/oauth/token
{
"token_type":"bearer",
"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiVlx1MDAxNcKbwoNUwoonbFPCu8KhwrYiLCJpYXQiOjE0NDQyNjI4NjYsImV4cCI6MTQ0NDI2Mjg4Nn0.Dww7TC-d0teDAgsmKHw7bhF2THNichsE6rVJq9xu_2s",
"expires_in":20,
"refresh_token":"7fd15938c823cf58e78019bea2af142f9449696a"
}
as described here: https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/
Upvotes: 6
Related Questions
- How can I refresh tokens in Spring security
- How to get the refresh token in a spring OAuth2 client
- spring oauth2 how to get a new refresh token every time
- Angular + Spring boot Jwt refresh token feature
- Spring Boot refresh JWT Token on every request as long it's valid
- How to get Refresh Token in spring boot using JWT
- Refresh OAuth Token in Spring boot OAuth2RestOperations
- Spring security JWT refresh token not expiring
- Using JWT along with refresh tokens in Spring OAuth2
- How to invalidate previous JWT token after refresh