szerhusenBC/jwt-spring-security-demo

Add expire and refresh feature for tokens

Closed this issue · 8 comments

There should be a possibility to give tokens a specific validity duration so that tokens expire after a certain interval. Furthermore, there should be a possibility in the JS client to refresh the token. Maybe there is a kind of countdown in the UI, so that a user can see if a token expires.

  • Check expiration in org.zerhusen.security.JwtAuthenticationTokenFilter#doFilterInternal
  • Token refresh under org.zerhusen.security.controller.AuthenticationRestController#refreshAndGetAuthenticationToken

How can we refresh an expired token? When I try to get claims from the expired token, I get an ExpiredJwtException.

It gave an answer here:

#70 (comment)
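The refresh question above, as an added example that is not the project's code and is not taken from the linked answer: the signature is checked separately from expiry, so a refresh endpoint can accept a token that expired only recently while normal authentication still rejects it. It uses the Python standard library rather than the project's Java stack; `SECRET`, `TOKEN_TTL`, `REFRESH_GRACE` and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed sample key, not a real one
TOKEN_TTL = 600                      # assumed token lifetime in seconds
REFRESH_GRACE = 300                  # assumed window after exp in which refresh is allowed

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, now: int) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "iat": now, "exp": now + TOKEN_TTL}).encode())
    return f"{header}.{body}.{_b64(_sign(f'{header}.{body}'))}"

def verified_claims(token: str) -> dict:
    """Verify the signature only; the caller decides what expiry means."""
    try:
        header, body, sig = token.split(".")
        # Constant-time comparison against the HMAC we compute ourselves.
        if not hmac.compare_digest(_sign(f"{header}.{body}"), _unb64(sig)):
            raise ValueError("bad signature")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        return json.loads(_unb64(body))
    except ValueError as exc:  # also covers malformed base64 / JSON / part count
        raise PermissionError(f"token rejected: {exc}") from None

def authenticate(token: str, now: int) -> dict:
    """Normal request path: an expired token is always rejected."""
    claims = verified_claims(token)
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims

def refresh(token: str, now: int) -> str:
    """Refresh path: expiry is tolerated, but only inside the grace window."""
    claims = verified_claims(token)
    if now >= claims["exp"] + REFRESH_GRACE:
        raise PermissionError("token too old to refresh")
    return issue(claims["sub"], now)
```

The grace window bounds how long a leaked token stays refreshable; without it, any validly signed token could be renewed indefinitely.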

Closed, because I published a complete new version.

Hi Stephan, thank you for the demo!

I assume that in the new version you have removed the refresh token feature, right?

I guess it is because it could be a vulnerability? What do you think about blacklisting tokens?

Please let me know if I should open another issue for my questions.

Hi @jmdopereiro,

I didn't implement the refresh endpoint so far, because I didn't find the time for that, yet ;)

There was already a question about blacklisting / invalidating tokens:

#102

Hi Stephan, is it OK for you if I create a branch with the refresh endpoint?

Thanks

Jose

@jmdopereiro yeah, do it! I created a new issue for that #109

Hi Stephan, sorry for the delay, this crisis made me switch gears.

I saw the ticket, I will continue commenting on it.

Thanks!