Spring Security - Refresh token


In this tutorial, we demonstrate how to implement a refresh token mechanism in a Spring Boot application secured with JSON Web Tokens (JWT). Refresh tokens improve the security and user experience of your application by allowing clients to request new access tokens without requiring users to re-authenticate every time their access token expires.

By the end of this video, you'll have a solid understanding of how to implement a refresh token mechanism within your Spring Boot application, providing a more secure and seamless experience for your users.

Don't forget to like, comment, and subscribe to our channel for more in-depth tutorials on Spring Boot, JWT authentication, and other programming topics!


Table of contents
00:00 Intro
01:00 What is refresh token
03:47 Extend the AuthenticationResponse
06:07 Extract JWT properties
09:31 Create refresh token method
12:07 Adjust the register and authenticate endpoints
14:10 Add refresh token endpoint
14:44 Implement the refresh token mechanism
22:08 Revoke the newly generated token
22:56 Test the changes
35:49 Thanks for watching
Comments

This is great! One of the best tutorials I've seen on this. I wondered whether, in your series, you might consider teaching how to implement login with email validation, but instead of Angular receiving the tokens, a Spring BFF, with say an Auth Provider like KeyCloak...

sachin.tandon

Great Bouali Ali. I did watch your previous videos and I read the comments on the Refresh token. And here you go everyone he delivered as you asked for. Such an inspiration. Keep up the great work.

firibuanyass

This video is very useful, thank you very much!!

anirudh

Finished your Spring Security course and I was wondering how to implement refresh tokens. You read my mind. Thanks for this

surge

Thank you very much for your effort. I hope you don't forget the Arab community in your explanations <3

hamzaelbouzidi

You wait for JWT and OAuth2 authentication together implementations.
Thank you for sharing.

tresorkaleto

Really appreciated you created this tutorial for the latest Spring Boot version. Right timing for me to pick up more backend skills.

seksky

One of the best trainers for sure.

I would just like to see your way of doing this authentication with Angular, because your way is always very optimal and understandable.

loicsan

I'm actually speechless Ali, thank you so so much for your effort in providing such awesome content.

And please if you'll make a video that dives into CSRF it'll be really useful, I mean the CSRF is important when it comes to security right.
Because most of the videos out there just disable it and then move on, without giving why and what should be the best practices on that at the dev environment.

Thank you once again for the contents ❤❤❤

abu-dukhan

Thank you, I will use it for my university project. Portuguese here

sserra

I love it <3 You're the best :D

bartosztoropolski

Again, great content. But I have two questions about it:

1. In the method refreshToken why we use ObjectMapper instead of returning the AuthorizationResponse like we do it if we register or log in?

2. If I understand it correctly, the whole point of a refresh token is to send a new access token, if the old is no more valid. I miss this workflow from the video. I mean there should be a common method, which checks, if the access token belongs to the right user, but it is expired, and if so, then call the refreshToken method and with the new access token let the user access the restricted resource. Because now if we hit the demo controller, we get only a token expired exception. And I think, in this case, we should call the refreshToken method. And this generally for all secured endpoints. Maybe in a common exception handling, where we catch the token expired exception. This would be a kind of silent re-login. What do you think?

balazsvarga

This is great content, thank you so so much.

bryanguzman

Thanks for this sir! Please do we have a course on sending email when a user creates an account 🤩🙏

dagnogoyaya

Great video! Thanks for sharing this!

johancamacho

Great content as always :) I'm still waiting for the Swagger integration. I hope you still find time for it :)

DR.EAM.CHASER

Thank you for the great content. Can you please make a tutorial about online payment with Spring Boot and Angular. TKU

Great_Sahara

25:20 Can add " " before " new ObjectMapper().writeValue(response.getOutputStream(), authResponse); "

IanCheng-bdrm

Thank you for the nice tutorial. But may I ask you a question: should we save the refresh token in the db like we save the access token? If not (only store the access token in a cookie or anything on the client side), what will happen, is it secured, like when we log out the refresh token will be revoked somehow? Thank you in advance!

DungNguyen-kicr

Please correct me if I am wrong: For the front end I should be using the refresh token endpoint whenever I receive a 403 when using the access token then resend the same request with the new access token. And if I receive a 403 on the refresh token endpoint that's when I log out the user from my app (I am using a mobile app for the front end and spring boot for the backend)

Quasar