Add expire and refresh feature for tokens

[szerhusenBC]

There should be a possibility to give a tokens a specific validity duration so that tokens expire after a certain interval. Furthermore there should be a possibility in the JS client to refresh the token. Maybe there is a kind of countdown in the UI, so that a user can see if a token expires.

• Check expiration in org.zerhusen.security.JwtAuthenticationTokenFilter#doFilterInternal
• Token refresh under org.zerhusen.security.controller.AuthenticationRestController#refreshAndGetAuthenticationToken

[houssemlou]

how can we refresh an expired token , because while i try to get claims from the expired token i get an ExpiredJwtException

[szerhusenBC]

It gave an answer here:

#70 (comment)

[szerhusenBC]

Closed, because I published a complete new version.

[jmdopereiro]

Hi Stephan, thank you for the demo!

I assume that in the new version you have removed the refresh token feature right ?

I guess is because it could be a vulnerability ? What do you think about Blacklisting tokens ?

Please let me know if I should open another issue for my questions.

[szerhusenBC]

Hi @jmdopereiro ,

I didn't implement the refresh endpoint so far, because I didn't find the time for that, yet ;)

There was already a question about blacklisting / invalidating tokens:

#102

[jmdopereiro]

Hi Stephan, is it ok for you if I create a branch with the refresh endpoint ?

Thanks

Jose

[szerhusenBC]

@jmdopereiro yeah, do it! I created a new issue for that #109

[jmdopereiro]

Hi Stephan, sorry for the delay, this crisis made me to switch gears.

I saw the ticket, I will continue commenting on it.

Thanks!