Add an endpoint for refreshing tokens #109

Open
szerhusenBC opened this issue Mar 10, 2020 · 7 comments

Comments

@szerhusenBC
Owner

There should be an endpoint to refresh tokens before they expire. You should get a new token. Tokens which are expired should be declined.

@jmdopereiro

I created the endpoint in a new local branch.

If the current token is expired it returns 401; if not, it returns a new token.

I can create a PR for you to review. I think I would need your permission to push? :-)

Thanks

Jose

@szerhusenBC
Owner Author

@jmdopereiro Sorry for the late answer! Just create a pull request so that I can review and merge it.

@jmdopereiro

jmdopereiro commented Apr 9, 2020

Hi Stephan, I have created a local branch and committed the changes to it, but when I try to push it (not sure I can create the PR without first pushing my branch) I get a 403.

[Image: 403Pushing]

@szerhusenBC
Owner Author

Ah, OK. The normal way is to fork this project, create a new branch on your forked project and then create a PR. Could you try that?

jmdopereiro added a commit to jmdopereiro/jwt-spring-security-demo that referenced this issue Apr 9, 2020
@jmdopereiro

Yep, OK, I did it. What do you think?

@szerhusenBC
Owner Author

I saw it, looks good so far. One thing: did you check that it fails if the token you want to refresh is too old? I can't test it myself right now. It shouldn't be possible to refresh a token that is too old.

@jmdopereiro

That's right (sorry, I had some trouble with my browser cache). I just retested: I decreased token-validity-in-seconds to 120 and then waited 2 minutes. The new token API is protected, like the rest, by the JWTFilter, so when the current token is expired it doesn't refresh the token but returns 401. Here you have a Postman screenshot and the application logs.

[Image: TokenExpiredOnRefreshToken]
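The behaviour discussed in this thread (a valid token is exchanged for a new one, an expired or tampered token gets 401), as an added example that is not code from this repository or from the pull request. It assumes a JDK-only HS256 token in place of the project's JWT library and filter; the class `RefreshDemo`, the methods `issue` and `refresh`, the key and the clock values are hypothetical and constructed for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RefreshDemo {
    // Constructed demo key; 120 s matches the validity used in the retest above.
    static final byte[] KEY = "constructed-demo-key".getBytes(UTF_8);
    static final long VALIDITY_SECONDS = 120;
    static final Pattern CLAIMS = Pattern.compile("\\{\"sub\":\"([A-Za-z0-9]+)\",\"exp\":(\\d+)\\}");

    static String b64(byte[] raw) { return Base64.getUrlEncoder().withoutPadding().encodeToString(raw); }

    static String sign(String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return b64(mac.doFinal(signingInput.getBytes(UTF_8)));
    }

    static String issue(String subject, long nowEpoch) throws Exception {
        String header = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(UTF_8));
        String claims = "{\"sub\":\"" + subject + "\",\"exp\":" + (nowEpoch + VALIDITY_SECONDS) + "}";
        String input = header + "." + b64(claims.getBytes(UTF_8));
        return input + "." + sign(input);
    }

    /** Returns a fresh token, or null where the endpoint would answer 401. */
    static String refresh(String token, long nowEpoch) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return null;
        // Verify the signature (constant-time compare) before trusting any claim.
        byte[] expected = sign(parts[0] + "." + parts[1]).getBytes(UTF_8);
        if (!MessageDigest.isEqual(expected, parts[2].getBytes(UTF_8))) return null;
        Matcher m = CLAIMS.matcher(new String(Base64.getUrlDecoder().decode(parts[1]), UTF_8));
        // A token at or past its exp is rejected, so it cannot be refreshed.
        if (!m.matches() || nowEpoch >= Long.parseLong(m.group(2))) return null;
        return issue(m.group(1), nowEpoch);
    }

    public static void main(String[] args) throws Exception {
        long t0 = 1_586_390_400L; // constructed clock value
        String token = issue("user", t0);
        System.out.println("valid   -> " + (refresh(token, t0 + 60) != null ? "200 new token" : "401"));
        System.out.println("expired -> " + (refresh(token, t0 + 120) != null ? "200 new token" : "401"));
        System.out.println("forged  -> " + (refresh(token + "x", t0 + 60) != null ? "200 new token" : "401"));
    }
}
```

Passing the clock as a parameter lets the expiry case be checked without waiting out the validity window.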
