Spring Security | JWT
In the previous post, we learned how to create Token-based Authentication and Authorization using Spring Security and JWT. In this tutorial, we will extend our implementation to include JWT Refresh Tokens in a Java Spring Boot application. We’ll explore how to handle token expiration and renew access tokens using a refresh token.
Our specific requirement is that even if a token has expired, users should still be allowed to access the system if the token is otherwise valid. In other words, we aim to refresh the token or provide a new valid token when the user’s token has expired.
To achieve this, we will develop a solution where if a user encounters a JWT expired exception, they can call another API with the expired token. In response, a new token will be provided to the user, which they can use for future interactions with the system.
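One way to implement the flow described above, as an added example rather than the tutorial's own code. It assumes the jjwt 0.9.x library (the page names none), and the class name, key handling, 15-minute lifetime and one-hour refresh window are illustrative assumptions; an expired token is refreshed only if its signature verifies and it expired within that window.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.util.Date;

// Assumes jjwt 0.9.x on the classpath (plus jaxb-api on Java 9+); all names here are illustrative.
public class ExpiredTokenRefresher {
    private static final long TOKEN_TTL_MS = 15 * 60 * 1000L;       // assumed access-token lifetime
    private static final long REFRESH_WINDOW_MS = 60 * 60 * 1000L;  // assumed limit on how stale a token may be
    private final byte[] key;

    public ExpiredTokenRefresher(byte[] key) { this.key = key; }

    public String issue(String subject, Date issuedAt) {
        return Jwts.builder().setSubject(subject).setIssuedAt(issuedAt)
                .setExpiration(new Date(issuedAt.getTime() + TOKEN_TTL_MS))
                .signWith(SignatureAlgorithm.HS256, key).compact();
    }

    /** Returns a fresh token for a correctly signed token; throws JwtException otherwise. */
    public String refresh(String presented) {
        Claims claims;
        try {
            // A tampered or wrongly signed token throws here and is never refreshed.
            claims = Jwts.parser().setSigningKey(key).parseClaimsJws(presented).getBody();
        } catch (ExpiredJwtException e) {
            // jjwt checks the signature before expiry, so these claims are authentic.
            claims = e.getClaims();
        }
        Date exp = claims.getExpiration();
        if (exp == null || System.currentTimeMillis() - exp.getTime() > REFRESH_WINDOW_MS) {
            throw new JwtException("token cannot be refreshed");
        }
        return issue(claims.getSubject(), new Date());
    }

    public static void main(String[] args) {
        // Constructed demo key and tokens; load the real key from configuration.
        ExpiredTokenRefresher r = new ExpiredTokenRefresher(
                "demo-key-for-illustration-only-32b".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis();
        String recent = r.issue("alice", new Date(now - 20 * 60 * 1000L));  // expired 5 minutes ago
        String stale = r.issue("alice", new Date(now - 2 * 60 * 60 * 1000L)); // expired 1h45m ago
        System.out.println("refreshed: " + r.refresh(recent));
        try { r.refresh(stale); } catch (JwtException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Without the refresh window, any token that was ever signed could be exchanged for a new one indefinitely, so expiry would no longer limit how long a leaked token is useful.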