szerhusenBC/jwt-spring-security-demo

Add an endpoint for refreshing tokens

szerhusenBC opened this issue · 7 comments

There should be an endpoint to refresh tokens before they expire. You should get a new token. Tokens which are expired should be declined.

I created the endpoint in a new local branch.

If the current token is expired it returns 401, if not it returns a new token.

I can create a PR for you to review, I think I would need your permission to push? :-)

Thanks

Jose

@jmdopereiro Sorry for the late answer! Just create a pull request so that I can review and merge it.

Hi Stephan, I have created a local branch and committed the changes to it, but when I try to push it (not sure I can create the PR without first pushing my branch) I get a 403.

403Pushing

Ah, OK. The normal way is to fork this project, create a new branch on your forked project and then create a PR. Could you try that?

Yep, OK, I did it. What do you think?

I saw it, looks good so far. One thing: did you check that it fails if the token you want to refresh is too old? I can't test it myself right now. It shouldn't be possible to refresh a token that is too old.

That's right (sorry, I had some trouble with my browser cache). I just retested: I decreased the token-validity-in-seconds to 120 and then waited 2 minutes. The new token API is protected, like the rest, by the JWTFilter, so when the current token is expired it doesn't refresh the token but returns 401. Here you have a Postman screenshot and the application logs.

TokenExpiredOnRefreshToken
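
The behaviour confirmed in this thread (a valid token is exchanged for a new one, an expired one gets 401), shown as an added example that is not the project's or the pull request's code. It is a JDK-only HS256 illustration: the class name, key, `issue`/`refresh` helpers, subject and timestamps are assumptions; only the 120-second validity comes from the retest above.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;

public class RefreshDemo {
    static final byte[] KEY = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
    static final long VALIDITY_SECONDS = 120; // value used in the retest in this thread
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    static String sign(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return ENC.encodeToString(mac.doFinal(data.getBytes(StandardCharsets.US_ASCII)));
    }

    static String issue(String subject, long now) throws Exception {
        String header = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String claims = "{\"sub\":\"" + subject + "\",\"exp\":" + (now + VALIDITY_SECONDS) + "}";
        String body = header + "." + ENC.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        return body + "." + sign(body);
    }

    /** Returns a fresh token, or null where the endpoint would answer 401. */
    static String refresh(String token, long now) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return null;
        // Verify the signature first, in constant time, before trusting any claim.
        byte[] expected = sign(p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.US_ASCII))) return null;
        // Assumption: regex claim parsing keeps this JDK-only; real code would use a JWT library.
        String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        Matcher sub = Pattern.compile("\"sub\":\"([^\"]*)\"").matcher(claims);
        Matcher exp = Pattern.compile("\"exp\":(\\d+)").matcher(claims);
        if (!sub.find() || !exp.find()) return null;
        if (now >= Long.parseLong(exp.group(1))) return null; // expired: no refresh, caller sends 401
        return issue(sub.group(1), now);
    }

    public static void main(String[] args) throws Exception {
        long t0 = 1_700_000_000L; // constructed timestamp
        String token = issue("demo-user", t0);
        System.out.println("at 60s:  " + (refresh(token, t0 + 60) != null ? "new token" : "401"));
        System.out.println("at 121s: " + (refresh(token, t0 + 121) != null ? "new token" : "401"));
        String forged = token.substring(0, token.length() - 1) + (token.endsWith("A") ? "B" : "A");
        System.out.println("forged:  " + (refresh(forged, t0 + 60) != null ? "new token" : "401"));
    }
}
```

Because the expiry check runs on every refresh, a token can only be renewed while it is still valid, which is the property asked about in the review question above.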