JWT is expiring after each request
ZinfinityDarshan opened this issue · 3 comments
Hi Mate,
I tried the code and found that the JWT token is expiring after each request, is there any way to keep it alive ?
Advance Thanks,
Darshan
Hi @ZinfinityDarshan, it not strictly necessary, it's a trade off between security and convenience. In the source code of the current implementation you will find the following endpoint that allows you to implement a refresh token flow.
spring-boot-jwt/src/main/java/murraco/controller/UserController.java
Lines 96 to 100 in 1393c77
The steps would be:
- When the user autenticates issue an access JWT and a refresh JWT.
- At some point the access JWT will expire and you will use the refresh JWT to obtain a new access JWT.
Hi @ZinfinityDarshan, it not strictly necessary, it's a trade off between security and convenience. In the source code of the current implementation you will find the following endpoint that allows you to implement a refresh token flow.
spring-boot-jwt/src/main/java/murraco/controller/UserController.java
Lines 96 to 100 in 1393c77
The steps would be:
- When the user autenticates issue an access JWT and a refresh JWT.
- At some point the access JWT will expire and you will use the refresh JWT to obtain a new access JWT.
Hi murraco,
How can the user get the Refresh JWT token? I cannot find any method that return a Refresh token .
Hi @hanzhaogang,
That endpoint gives you back a new JWT token if the user sending the request is authenticated. With this approach the responsibility moves to the client side, where you can keep track of the expiration time of the token or just generate a new one every time you send a request. Is up to you.