Spring Boot Security - JWT Refresh Token Explained In Details | JavaTechie

In this tutorial, we demonstrate how to implement a refresh token mechanism in a Spring Boot application secured with JSON Web Tokens (JWT). Refresh tokens improve the security and user experience of your application by allowing clients to request new access tokens without requiring users to re-authenticate every time their access token expires.

By the end of this video, you'll have a solid understanding of how to implement a refresh token mechanism within your Spring Boot application, providing a more secure and seamless experience for your users.

#JavaTechie #springBoot #JWT


GitHub:


Disclaimer/Policy:
--------------------------------
Note: All uploaded content in this channel is mine and it's not copied from any community; you are free to use the source code from the above-mentioned GitHub account.
Comments

Thank you sir. Many developers are learning more about Spring Boot from you only, sir. Thanks for the wonderful concept.

vinotech

The refresh token can only be used once. After that, a new accessToken\refreshToken pair should be returned with a new expiry time. Otherwise, this token has no meaning. And when the refreshToken expires, the client needs to log in again using the login\password.

bzdegiy
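
The single-use rotation described in the comment above, as an added example that is not from the video or the channel's repository. The class and method names, the 7-day lifetime and the placeholder access token are assumptions, and an in-memory map stands in for the refresh-token table:

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch: single-use refresh tokens with rotation.
public class RefreshTokenRotation {
    record Stored(String user, Instant expiresAt) {}
    record TokenPair(String accessToken, String refreshToken) {}

    private static final Duration REFRESH_TTL = Duration.ofDays(7); // assumed lifetime
    private final Map<String, Stored> store = new ConcurrentHashMap<>(); // stands in for the DB table
    private final SecureRandom rng = new SecureRandom();

    private String randomToken() {
        byte[] b = new byte[32]; // 256 bits from a CSPRNG
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // Called after a successful login with username and password.
    TokenPair issue(String user) {
        String refresh = randomToken();
        store.put(refresh, new Stored(user, Instant.now().plus(REFRESH_TTL)));
        // Placeholder value: a real service would sign a short-lived JWT here.
        return new TokenPair("access-for-" + user + "-" + randomToken(), refresh);
    }

    // Exchanges a refresh token for a new pair. remove() is atomic, so of two
    // concurrent requests presenting the same token only one can succeed.
    TokenPair rotate(String presented) {
        Stored s = store.remove(presented);
        if (s == null) throw new SecurityException("unknown or already used refresh token");
        if (s.expiresAt().isBefore(Instant.now())) throw new SecurityException("refresh token expired, log in again");
        return issue(s.user()); // new pair, new expiry time
    }

    public static void main(String[] args) {
        RefreshTokenRotation svc = new RefreshTokenRotation();
        TokenPair first = svc.issue("alice"); // constructed sample user
        TokenPair second = svc.rotate(first.refreshToken());
        System.out.println("rotated: " + !first.refreshToken().equals(second.refreshToken()));
        try {
            svc.rotate(first.refreshToken()); // replay of the already used token
        } catch (SecurityException e) {
            System.out.println("replay rejected: " + e.getMessage());
        }
    }
}
```

A rejected replay of an already rotated token is also a useful detection signal: logging it with the user and client address shows when a refresh token may have been copied.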

You explained things very well. Thank you so much. But I have one thing to mention: the refresh token expiry time should also be extended in the database for every successful refresh token request, shouldn't it? If the user requests a new token before the expiry of the refresh token, a new token will be given, and the refresh token time should also be extended and updated in the database. Otherwise, after some time the user needs to re-login when the refresh token is expired.

hasanbinalam

Great tutorial man❤. I have 1 qn: wouldn't it be better to add the refresh token mechanism in the security filter chain so that the backend would automatically generate a new access and refresh token? In this setup the user will send both the accessToken and the refresh token with every request, and the server will refresh the access token if it has expired using the refresh token (we can encrypt it). That way we remove the hassle of hitting another endpoint, and the API consumer will have to hit one endpoint instead. What's your take on this approach? I'm open to suggestions and corrections.

theparten

You are doing a great job by sharing your knowledge.

nareshk

It is a very good video... For completion of the security series, please make a video on JWT logout.

shubhajitmandal

00:00 Implement refresh token mechanism in Springboot application secured with JWT

04:27 Implement refresh token to avoid re-authentication

08:46 Creating a refresh token entity and API

13:13 Creating a refresh token for JWT access token

17:30 Creating a refresh token endpoint

21:18 Methods to verify and retrieve tokens from DV

25:25 Regenerate token using refresh token

29:31 Implementing a refresh token mechanism to avoid re-authentication

Crafted by Merlin AI.

inhtruongvu

@Javatechie great sessions about JWT. have 2 Qs 1. in real time, we should be giving the expiration date of token to be same as JWT expiry time, am I right? 2. from UI, when we get expired message from API call, UI have to make another call to /refreshToken with the token value, is my understanding correct?

soujanyab

thanks for simple and clean explanation

phanimc

Thanks Basant, you always make great videos.
Could you please add an extra video to your Spring Security series where you use Spring Vault to store sensitive data like your JWT secret, etc.?

mohammadmutawe

Thank you sir, your video is very helpful.
And a request to you: please make a detailed video explaining Keycloak and its use in production-ready code.

alok

Explanation is good! Can you please explain why we are expiring the "token" which is used to refresh the JWT Token? It seems to defeat the whole purpose, because although we are refreshing the jwt token, but when the "token" expires we will have to relogin again to obtain the new jwt token and the new "token."? Shouldn't be the case that the "token" must not expire and should be able to refresh the JWT token unless the user logs out? Here we are refreshing the JWT token but forcing user to re-login if another "token" expires.

ayushsingh

Thank you so much sir! I’ve followed your previous videos related to security and I am looking on how to add refresh token then you’ve just recently published video for refresh token 👏👍👍 Thanks sir!

ivanpaulbay

Awesome video, it's very helpful. Thank you so much for making such a video.

sujitkumar

@javatechie plz let me know in real-time project where do we store jwt token, how do we create secret key and where to store secret key and how to access it.

sabyasachirajkumar

awesome video, excellent explanation, please use postman light theme

ravikumarpawar

Thank you Basant,
It was a really informative video.

I had a doubt about why we could not refresh the token ourselves when we get a token expiration exception, rather than creating a table.

The only way I could see we cannot do it is if JWT checks for expiration first and then the whole token validity.

itcvbub

g8 video @Basant, one small info JWT is an ID Token would be more precise instead of calling access token. Am I right?

premraj.m

@JavaTechie How does Refresh Token work in mobile applications like Instagram and GooglePay?

machilikanthyadav