Reputation: 91
I'm using JWT in my Spring Boot application and Spring Security for authentication. The problem is that I can't refresh the JWT token after the jwt.expiration time declared in the file application.properties, so the users get logged out after 30 min. Do I need an OAuth2 implementation or is there any other quick-and-dirty way to solve this?
Upvotes: 0
Views: 589
Reputation: 7802
This is a pretty broad question, but I'll try and point you in the right direction.
Refreshing tokens is the business of an authorization server. So, your application would need to talk with one of those in order to renew the token.
I'd invite you to read up on OAuth 2.0 to understand how renewals happen. Specifically, they require a refresh_token grant from that authorization server.
Based on your description, you are likely an OAuth 2.0 Client application, in which case you'd be most interested in Spring Security's OAuth 2.0 Login and OAuth 2.0 Client support.
Also, I know you didn't ask this, but I'd also discourage you from seeking out "quick-and-dirty" solutions. Take the time to understand the security landscape, and it will pay you dividends later.
Upvotes: 2
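An added example, not part of the answer above or written by its author: one way to let Spring Security's OAuth 2.0 Client support perform the refresh_token grant when the access token is about to expire. It assumes Spring Security 5.3 or later in a servlet application, an authorization server that issues refresh tokens, and a client registration with the hypothetical id `my-idp`; the class and method names are also made up for illustration.

```java
import java.time.Duration;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;

@Configuration
public class TokenRefreshConfig {

    // Hypothetical id; must match spring.security.oauth2.client.registration.<id>.*
    static final String REGISTRATION_ID = "my-idp";

    @Bean
    OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository registrations,
            OAuth2AuthorizedClientRepository authorizedClients) {
        OAuth2AuthorizedClientProvider provider = OAuth2AuthorizedClientProviderBuilder.builder()
                .authorizationCode()
                // Treat the access token as expired 60 s early, then send
                // grant_type=refresh_token to the token endpoint to renew it.
                .refreshToken(refresh -> refresh.clockSkew(Duration.ofSeconds(60)))
                .build();
        DefaultOAuth2AuthorizedClientManager manager =
                new DefaultOAuth2AuthorizedClientManager(registrations, authorizedClients);
        manager.setAuthorizedClientProvider(provider);
        return manager;
    }

    // Call while handling an HTTP request; returns a current access token,
    // refreshed transparently when the stored one has (nearly) expired.
    static String currentAccessToken(OAuth2AuthorizedClientManager manager, Authentication user) {
        OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                .withClientRegistrationId(REGISTRATION_ID)
                .principal(user)
                .build();
        OAuth2AuthorizedClient client = manager.authorize(request);
        if (client == null) {
            throw new IllegalStateException("No authorized client for " + REGISTRATION_ID);
        }
        return client.getAccessToken().getTokenValue();
    }
}
```

If the refresh token itself has expired or been revoked, the refresh fails and the user has to authenticate again, so the session lifetime is ultimately bounded by the authorization server's refresh token policy.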