Peter Penzov

Reputation: 1648

Return JWT token from successful authentication

I created this endpoint to authenticate a user:

@PostMapping("/authorize")
public String login(@Valid @RequestBody AuthenticationDTO resetDTO) {
    return userRestService.authorize(resetDTO.getName(), resetDTO.getPassword());
}

After successful authentication, a token is returned. For example:

eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImF1dGgiOlt7ImF1dGhvcml0eSI6IlJPTEVfQURNSU4ifV0sImlhdCI6MTU5MzUzMjE4NiwiZXhwIjoxNTkzNTMyNDg2fQ.gevNLXsfe8F4MnfDZJK5GhhFn0MskoQejfUUqQjh0d_sa-wyloRf2zOQIhBkn1OEDR4ZyRvIhhEtWPrH33cLPg 

What are the best practices for the DTO format in which a JWT token is returned after authentication? For example, is it a good idea to return the token in a format like

{
   Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImF1dGgiOlt7ImF1dGhvcml0eSI6IlJPTEVfQURNSU4ifV0sImlhdCI6MTU5MzUzMjE4NiwiZXhwIjoxNTkzNTMyNDg2fQ.gevNLXsfe8F4MnfDZJK5GhhFn0MskoQejfUUqQjh0d_sa-wyloRf2zOQIhBkn1OEDR4ZyRvIhhEtWPrH33cLPg
}

What are the good practices in that case?

Upvotes: 1

Views: 1267

Answers (1)

JEY

Reputation: 7123

There is not really a good practice, except that when returning JSON you should always return an object (always wrap arrays, numbers and strings in a top-level object). For your specific use case, you could take the OAuth2 authorization framework as an example and return something like:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
   "access_token":"2YotnFZFEjr1zCsicMWpAA",
   "token_type":"Bearer",
   "expires_in":3600
}

Upvotes: 2
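To make the answer's OAuth2-style shape concrete, here is an added example (not code from the question or the answer, and not Spring code) that builds that response body and headers from the JWT shown in the question. It reads the payload segment to derive `expires_in` from the `exp` claim; `SAMPLE_JWT` is the question's token reused as constructed input, and the function names are assumptions.

```python
import base64
import json
import time
from typing import Optional, Tuple

# Constructed sample: the HS512 token from the question
# (sub=admin, iat=1593532186, exp=1593532486).
SAMPLE_JWT = (
    "eyJhbGciOiJIUzUxMiJ9."
    "eyJzdWIiOiJhZG1pbiIsImF1dGgiOlt7ImF1dGhvcml0eSI6IlJPTEVfQURNSU4ifV0s"
    "ImlhdCI6MTU5MzUzMjE4NiwiZXhwIjoxNTkzNTMyNDg2fQ."
    "gevNLXsfe8F4MnfDZJK5GhhFn0MskoQejfUUqQjh0d_sa-wyloRf2zOQIhBkn1OEDR4ZyRvIhhEtWPrH33cLPg"
)


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    # Reads the payload only. The issuing server signed this token itself a moment
    # ago, so no signature check is needed here; anything that *receives* a token
    # must verify the signature before trusting these claims.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))


def token_response(token: str, now: Optional[int] = None) -> Tuple[dict, dict]:
    # Returns (json_body, response_headers) in the RFC 6749 token-response shape:
    # a top-level object, never a bare string, plus no-store caching headers.
    claims = jwt_claims(token)
    if "exp" not in claims:
        raise ValueError("token has no exp claim; refusing to advertise a lifetime")
    at = int(time.time()) if now is None else now
    expires_in = int(claims["exp"]) - at
    if expires_in <= 0:
        raise ValueError("token is already expired; do not hand it out")
    body = {"access_token": token, "token_type": "Bearer", "expires_in": expires_in}
    headers = {
        "Content-Type": "application/json;charset=UTF-8",
        "Cache-Control": "no-store",
        "Pragma": "no-cache",
    }
    return body, headers
```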
