I want to refresh a JWT every time a controller method is called without having to add a method to every single controller call. Is there a method I can override?
I'm using a Java API.
Asked
Active
Viewed 183 times
1 Answers
0
I want to refresh a JWT every time...
This should be avoided unless you really know what you are going to do.
Use Refresh Tokens Only to refresh your JWT Access Tokens. For more information, read this article and this question & answer (both)
If the primary concern is only about refreshing the tokens, then server should not be bothered about this mechanism intuitively. Such request must be raised from client applications/client of server/web clients/etc.. that they want to refresh the token.
For Eg, If JWT access Token is having 10min lifetime, and refresh token is having 720hrs of lifetime,
- then client must call a refresh token request silently before the expiration time. (in this case, each 8-9 mins should be ok)
- or else, if you don't want to make calls after every 8-9 mins since the user might not be actively using, then you can write some interceptors which checks the expiry of token before making HTTP calls, if token is expired (or about to expire) then they should call refresh token API first, get new token and then continue the normal HTTP call, all this on client side.
This stackoverflow question is kind of doing similar thing with respect to angular framework ( at client side).
That's okay.. but, Still I want to do it on server side, What are the choices?
You can use Aspect Oriented Programming model for this kind of stuff, and happy part is, it's available in Spring Framework.
Read this for basic idea to start over.
Or
Use Filter Interceptors of HttpServlets to manipulate requests/responses.
Read this nice article to get some idea about it.
Hope it helps, at least, in learning. :)
-
Thank you! The client-side method was going to be my next step if this didn't work. Good to know it's a better practice. – Anna R Jun 13 '19 at 19:06