
When a user's access and ID tokens expire, they should be considered invalid and refreshed using the refresh token. If unable to do so, the user's session should be expired. *(stating from the issue itself)*

Issue Reference - https://github.com/spring-projects/spring-security/issues/6814

Question - Any leads on how to customise this for now?

Framework Details:

Daga
  • You can handle it from the client side. Once a request fails as an unauthorized request (token expired), initiate a new request for a new token using the refresh token. – Elie M Nov 01 '22 at 18:33
  • @Phoenician - please explain - _Once a request fail as unauthorized request (token expired)_. The statement is contradictory to my understanding, i.e. Once User is Authenticated -> Session is created -> Access tokens are never verified --> So request never fails in our application. – Daga Nov 02 '22 at 07:32
  • You're mixing things here. Check this out: "https://dzone.com/articles/oauth-20-vs-session-management" to understand the difference between session/token and how they work together. Nevertheless, if your application is using a token then you will be required to refresh it once expired. This job can be done from the front-end side. – Elie M Nov 02 '22 at 08:47
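
One way to enforce the rule the question quotes, as an added example that is not part of the original post or of Spring Security itself: a servlet filter that asks an `OAuth2AuthorizedClientManager` for the user's authorized client (which refreshes an expired access token when a refresh token is available) and expires the session when no valid token results. Assumptions: Spring Security 6 (`jakarta.servlet`), an `OAuth2AuthorizedClientManager` bean configured with the refresh-token provider, and the hypothetical class name `TokenFreshnessFilter`; it checks only the access token and does not replace the ID token held in the session's principal.

```java
import java.io.IOException;
import java.time.Instant;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.*;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter (added example). Register it in the security filter chain
// at a point where the SecurityContext has already been loaded from the session.
public class TokenFreshnessFilter extends OncePerRequestFilter {
    private final OAuth2AuthorizedClientManager manager;

    public TokenFreshnessFilter(OAuth2AuthorizedClientManager manager) { this.manager = manager; }

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth instanceof OAuth2AuthenticationToken oauth && !hasUsableToken(oauth, req, res)) {
            // Token expired and could not be refreshed: expire the local session.
            HttpSession session = req.getSession(false);
            if (session != null) session.invalidate();
            SecurityContextHolder.clearContext();
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }

    private boolean hasUsableToken(OAuth2AuthenticationToken auth, HttpServletRequest req, HttpServletResponse res) {
        OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
                .withClientRegistrationId(auth.getAuthorizedClientRegistrationId())
                .principal(auth)
                .attribute(HttpServletRequest.class.getName(), req)
                .attribute(HttpServletResponse.class.getName(), res)
                .build();
        try {
            // Returns the stored client, refreshed first if its access token has expired.
            OAuth2AuthorizedClient client = manager.authorize(authorizeRequest);
            if (client == null) return false;
            // Without a refresh token the stored, expired client comes back unchanged.
            Instant expiresAt = client.getAccessToken().getExpiresAt();
            return expiresAt != null && expiresAt.isAfter(Instant.now());
        } catch (ClientAuthorizationException ex) {
            return false; // refresh rejected (e.g. invalid_grant) or no authorized client
        }
    }
}
```

On Spring Security 5.x the servlet imports are `javax.servlet` instead of `jakarta.servlet`.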
