I have a method that needs to log out the user and also needs to delete his refresh token.
This is how it looks:

    @PostMapping("/logout")
    public ResponseEntity<?> logoutPage(@RequestBody TokenDTO dto) {
        logger.error("I'm in method");
        String refreshTokenString = dto.getRefreshToken();
        if (jwtHelper.validateRefreshToken(refreshTokenString) && refreshTokenRepository.existsById(jwtHelper.getTokenIdFromRefreshToken(refreshTokenString))) {
            // valid and exists in db
            refreshTokenRepository.deleteById(jwtHelper.getTokenIdFromRefreshToken(refreshTokenString));
            return ResponseEntity.ok().build();
        }
        throw new BadCredentialsException("invalid token");
    }

As you can see, I have a logger.
This is inside Thymeleaf:

    <form method="post" th:action="@{/api/auth/logout}">
        <input type="submit" value="Logout">
    </form>

When I trigger that button, instead of deleting the refresh token that is connected with the user, I'm getting the following error:

    java.lang.NullPointerException: null
        at com.auth0.jwt.TokenUtils.splitToken(TokenUtils.java:15) ~[java-jwt-4.0.0.jar:4.0.0]
        at com.auth0.jwt.JWTDecoder.<init>(JWTDecoder.java:37) ~[java-jwt-4.0.0.jar:4.0.0]
        at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:440) ~[java-jwt-4.0.0.jar:4.0.0]
        at demo.tripadvisorapp.security.jwt.JwtHelper.decodeRefreshToken(JwtHelper.java:73) ~[classes/:na]
        at demo.tripadvisorapp.security.jwt.JwtHelper.validateRefreshToken(JwtHelper.java:85) ~[classes/:na]
        at demo.tripadvisorapp.security.api.AuthController.logoutPage(AuthController.java:127) ~[classes/:na]

This is jwtHelper.decodeRefreshToken

    private Optional<DecodedJWT> decodeRefreshToken(String token) {
        try {
            return Optional.of(refreshTokenVerifier.verify(token));
        } catch (JWTVerificationException e) {
            log.error("invalid refresh token", e);
        }
        return Optional.empty();
    }

This is jwtHelper.validateRefreshToken

    public boolean validateRefreshToken(String token) {
        return decodeRefreshToken(token).isPresent();
    }

And for AuthController.logoutPage, I already provided the method above.
What causes this problem? What am I doing wrong?
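
An added example, not part of the original question or the asker's project: the form shown submits no refreshToken value, and the NullPointerException in the trace is not a JWTVerificationException, so the catch in decodeRefreshToken never handles it. This sketch rejects a missing token before calling the verifier and decodes only once; the class name, secret, sample tokens and the use of the `jti` claim as the token id are assumptions, and it needs the java-jwt library from the trace on the classpath.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Optional;

public class RefreshTokenCheck {
    // Constructed demo secret; the question does not show how its verifier is built.
    private static final Algorithm ALG = Algorithm.HMAC256("constructed-demo-secret");
    private static final JWTVerifier VERIFIER = JWT.require(ALG).build();

    // Empty for a missing, blank, malformed or wrongly signed token; never throws.
    static Optional<DecodedJWT> decodeRefreshToken(String token) {
        if (token == null || token.trim().isEmpty()) {
            // A request without a refreshToken value ends up here instead of
            // reaching verify(), where java-jwt 4.0.0 fails in TokenUtils.splitToken.
            return Optional.empty();
        }
        try {
            return Optional.of(VERIFIER.verify(token));
        } catch (JWTVerificationException e) {
            return Optional.empty();
        }
    }

    // Decode once and return the token id (assumed to be the jti claim) to delete.
    static Optional<String> tokenIdToRevoke(String token) {
        return decodeRefreshToken(token).map(DecodedJWT::getId);
    }

    public static void main(String[] args) {
        // Constructed sample tokens.
        String valid = JWT.create().withJWTId("constructed-id-1").sign(ALG);
        String foreign = JWT.create().withJWTId("constructed-id-2")
                .sign(Algorithm.HMAC256("some-other-secret"));

        System.out.println("missing   -> " + tokenIdToRevoke(null));
        System.out.println("blank     -> " + tokenIdToRevoke("  "));
        System.out.println("malformed -> " + tokenIdToRevoke("not-a-jwt"));
        System.out.println("foreign   -> " + tokenIdToRevoke(foreign));
        System.out.println("valid     -> " + tokenIdToRevoke(valid));
    }
}
```

With the guard in place, a logout request that carries no token is answered as an invalid credential rather than an unhandled server error, and only the valid token yields an id to delete.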