Spring Boot Refresh Token using JWT example - Expire and Renew JWT Token

Last update: Dec 28, 2022

Overview

Spring Boot Refresh Token with JWT example

Build JWT Refresh Token in the Java Spring Boot Application. You can know how to expire the JWT, then renew the Access Token with Refresh Token.

The instruction can be found at: Spring Boot Refresh Token with JWT example

User Registration, User Login and Authorization process.

The diagram shows flow of how we implement User Registration, User Login and Authorization process.

And this is for Refresh Token:

Spring Boot Server Architecture with Spring Security

You can have an overview of our Spring Boot Server with the diagram below:

Spring Boot, Spring Security, MySQL: JWT Authentication & Authorization example

For PostgreSQL

For MongoDB

Fullstack Authentication

Spring Boot + Vue.js JWT Authentication

Spring Boot + Angular 8 JWT Authentication

Spring Boot + Angular 10 JWT Authentication

Spring Boot + Angular 11 JWT Authentication

Spring Boot + React JWT Authentication

Fullstack CRUD App

Vue.js + Spring Boot + MySQL/PostgreSQL example

Angular 8 + Spring Boot + MySQL example

Angular 8 + Spring Boot + PostgreSQL example

Angular 10 + Spring Boot + MySQL example

Angular 10 + Spring Boot + PostgreSQL example

Angular 11 + Spring Boot + MySQL example

Angular 11 + Spring Boot + PostgreSQL example

React + Spring Boot + MySQL example

React + Spring Boot + PostgreSQL example

React + Spring Boot + MongoDB example

Run both Back-end & Front-end in one place:

Integrate Angular with Spring Boot Rest API

Integrate React.js with Spring Boot Rest API

Integrate Vue.js with Spring Boot Rest API

More Practice:

Spring Boot File upload example with Multipart File

Exception handling: @RestControllerAdvice example in Spring Boot

Spring Boot Repository Unit Test with @DataJpaTest

Deploy Spring Boot App on AWS – Elastic Beanstalk

Secure Spring Boot App with Spring Security & JWT Authentication

Dependency

<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>

<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-security</artifactId>
</dependency>

<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-web</artifactId>
</dependency>

<dependency>
	<groupId>mysql</groupId>
	<artifactId>mysql-connector-java</artifactId>
	<scope>runtime</scope>
</dependency>

<dependency>
	<groupId>io.jsonwebtoken</groupId>
	<artifactId>jjwt</artifactId>
	<version>0.9.1</version>
</dependency>

Configure Spring Datasource, JPA, App properties

Open src/main/resources/application.properties

spring.datasource.url= jdbc:mysql://localhost:3306/testdb?useSSL=false
spring.datasource.username= root
spring.datasource.password= 123456

spring.jpa.properties.hibernate.dialect= org.hibernate.dialect.MySQL5InnoDBDialect
spring.jpa.hibernate.ddl-auto= update

# App Properties
bezkoder.app.jwtSecret= bezKoderSecretKey
bezkoder.app.jwtExpirationMs= 3600000
bezkoder.app.jwtRefreshExpirationMs= 86400000

Run Spring Boot application

mvn spring-boot:run

Run following SQL insert statements

INSERT INTO roles(name) VALUES('ROLE_USER');
INSERT INTO roles(name) VALUES('ROLE_MODERATOR');
INSERT INTO roles(name) VALUES('ROLE_ADMIN');

This project contains a full example of an application developed using Spring Boot and GraphQL within the Java.

Spring boot GraphQL Example This project contains a full example of an application developed using GraphQL within the Java. The project includes a com

Jul 20, 2022

Spring JPA Many To Many example with Hibernate and Spring Boot CRUD Rest API - ManyToMany annotation

Dec 28, 2022

Zitadel.ch Example Project with Spring Boot and Spring Security

Zitadel Example Project with Spring Boot and Spring Security This example contains two Spring Boot Apps (app and api) which use the Zitadel IdP as Ope

May 3, 2022

This is an example of how conditional events can be triggered in Camunda using a simple spring boot project

Camunda Conditional Events Example This example is a Spring Boot Application using Camunda. In this example i'll show a variety of ways that BPMN's Co

Sep 30, 2021

Project Basics Example using Spring Boot 3.0

Base Project Spring 3.0 Exaples of the acess - API localhost Method create - POST Content-Type =

May 9, 2022

Spring boot microservice example with Eureka Server + Eureka Client + Spring Cloud API Gateway + OAuth2.0 + Circuit Breaker + Resilience4J + FeignClient + RestTemplate

Spring boot microservice example Spring boot microservice example with Eureka Server + Eureka Client + Spring Cloud API Gateway + OAuth2.0 + Circuit B

Dec 29, 2022

Comments

How about this way

Hi I implemented a new way of refresh tokens and I don't know that it is secure or optimized. this is how it works:

1- User logs in or sign up 2- Refresh token with expiration and Access token with no expiration created and sends to client 3- These created tokens, stored in database like this:

table: tokens user_id | refresh_token | access_token 1 | some_token | some_token

4- When clients requests for an endpoint, it should send refresh_token and access_token in the header

5- Server checks if the refresh_token expired or not and also checks both refresh_token and access_token with stored ones if they are equal or not

6- If everything was OK, server generates new access_token and updates the table and sends back to client

By this way, access_tokens are used once. If client request for an endpoint and it was successful, server sends back a new access_token and the client for every next request alongside refresh_token, should send this new access token

opened by DarkDeveloper-arch 2
Please upgrade to Spring Boot 3.0.0 with Spring Security 6.x
Please upgrade to Spring Boot 3.0.0 with Spring Security 6.x

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

cannot work with Spring Boot 3.0.0 . See https://stackoverflow.com/questions/74667235/spring-security-6-when-upgrade-to-spring-boot-3-org-springframework-security-a

and

https://stackoverflow.com/questions/74666596/how-to-fix-error-of-websecurityconfigureradapter-when-upgrade-to-spring-boot-3-0

Thank you very much!
opened by donhuvy 3

Spring Boot Refresh Token using JWT example - Expire and Renew JWT Token

Related tags

Overview

Spring Boot Refresh Token with JWT example

User Registration, User Login and Authorization process.

Spring Boot Server Architecture with Spring Security

Fullstack Authentication

Fullstack CRUD App

More Practice:

Dependency

Configure Spring Datasource, JPA, App properties

Run Spring Boot application

Run following SQL insert statements

You might also like...

This project contains a full example of an application developed using Spring Boot and GraphQL within the Java.

Spring JPA Many To Many example with Hibernate and Spring Boot CRUD Rest API - ManyToMany annotation

Zitadel.ch Example Project with Spring Boot and Spring Security

This is an example of how conditional events can be triggered in Camunda using a simple spring boot project

Project Basics Example using Spring Boot 3.0

Spring boot microservice example with Eureka Server + Eureka Client + Spring Cloud API Gateway + OAuth2.0 + Circuit Breaker + Resilience4J + FeignClient + RestTemplate

Spring JPA @Query for custom query in Spring Boot example

Spring JPA Native Query example in Spring Boot

Implementing JWT authentication with spring boot.

Comments

How about this way

Please upgrade to Spring Boot 3.0.0 with Spring Security 6.x

Owner

Spring Boot Security Login example with JWT and H2 example

Spring Boot & MongoDB Login and Registration example with JWT, Spring Security, Spring Data MongoDB

Spring Boot JWT Authentication example with Spring Security & Spring Data JPA

循序渐进，学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2，博客Spring系列源码：https://mrbird.cc

Spring Boot JdbcTemplate example with SQL Server: CRUD Rest API using Spring Data JDBC, Spring Web MVC

ReactJS, Spring Boot JWT Authentication Example

This module explains about the example of Spring MVC + Database Integration with MySQL using Hibernate ORM with practical coding example and required JAR dependencies

Spring Boot REST API authentication best practices using JWT

The Spring Boot Sample App on K8S has been implemented using GKE K8S Cluster, Spring Boot, Maven, and Docker.