I would like to start a project with Spring Boot and JWT. I saw some examples which save the refresh tokens in a database, so my question is: do I have to insert refresh tokens into the database, or is there another best-practice way? And if I have to insert them into the database, should I make a job in Spring for removing expired tokens?
Thanks a lot
CodePudding user response:
In the case of the refresh token flow, it's the client's responsibility to securely manage the refresh token. Once the access token expires, the client can use an earlier saved refresh token to get a new access token and an optional new refresh token. As you asked about the approach for storing the refresh token on the server side, I think storing it in the datastore for later validation purposes while issuing the new access token has one important advantage. By doing so you can always restrict or revoke access to the services. It makes sense in the case where the refresh token has a longer validation time and the server is not issuing a new refresh token with the new access token during the refresh token flow.
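A worked example of the store-and-revoke approach the answer recommends, together with the cleanup job the question asks about. This is an added illustration, not code from the answerer, from Spring, or from any project; it assumes Java 17+ (records and `HexFormat`), uses an in-memory `ConcurrentHashMap` as a hypothetical stand-in for a `refresh_token` table, stores only a SHA-256 hash of each token so a database leak does not hand out usable tokens, and rotates tokens on every refresh so a replayed old token is rejected. The Spring `@Scheduled` hook is mentioned in a comment rather than imported, so the file compiles and runs with plain `javac`/`java`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HexFormat;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Added example (not from the thread): a server-side refresh-token store that
 * provides the revocation ability the answer describes. The in-memory map is a
 * hypothetical stand-in for a refresh_token table; a real Spring Boot service
 * would back it with a JPA repository holding the same columns.
 */
public class RefreshTokenStore {

    /** One row of the hypothetical refresh_token table. Only a hash of the token is stored. */
    record StoredToken(String tokenHash, String subject, Instant expiresAt, boolean revoked) {}

    private final Map<String, StoredToken> table = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration ttl;

    public RefreshTokenStore(Duration ttl) {
        this.ttl = ttl;
    }

    /** Issue a new opaque refresh token; the client receives the raw value, the table keeps its hash. */
    public String issue(String subject) {
        byte[] raw = new byte[32];                      // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        String tokenHash = sha256(token);
        table.put(tokenHash, new StoredToken(tokenHash, subject, Instant.now().plus(ttl), false));
        return token;
    }

    /**
     * Refresh-token flow with rotation: the presented token must exist, be unexpired and
     * not yet revoked; it is then marked revoked and a fresh one is issued. A second use of
     * the same token fails, which is how the server notices a stolen-and-replayed token.
     */
    public Optional<String> rotate(String presented) {
        StoredToken row = table.get(sha256(presented));
        if (row == null || row.revoked() || row.expiresAt().isBefore(Instant.now())) {
            return Optional.empty();
        }
        table.put(row.tokenHash(), new StoredToken(row.tokenHash(), row.subject(), row.expiresAt(), true));
        return Optional.of(issue(row.subject()));
    }

    /** Revoke every live token of a subject, e.g. "log out everywhere" or a suspected account compromise. */
    public int revokeAll(String subject) {
        int count = 0;
        for (StoredToken row : table.values()) {
            if (row.subject().equals(subject) && !row.revoked()) {
                table.put(row.tokenHash(), new StoredToken(row.tokenHash(), row.subject(), row.expiresAt(), true));
                count++;
            }
        }
        return count;
    }

    /**
     * Housekeeping job for the "removing expired tokens" part of the question. In Spring Boot,
     * annotate this method with @Scheduled(cron = "0 0 * * * *") and put @EnableScheduling on a
     * configuration class. Revoked-but-unexpired rows are deliberately kept so replay is still detected.
     */
    public int sweepExpired() {
        Instant now = Instant.now();
        int before = table.size();
        table.values().removeIf(row -> row.expiresAt().isBefore(now));
        return before - table.size();
    }

    private static String sha256(String token) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return HexFormat.of().formatHex(md.digest(token.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
        }
    }

    /** Walks through the flow with a very short TTL so the sweep can be shown as well. */
    public static void main(String[] args) throws InterruptedException {
        RefreshTokenStore store = new RefreshTokenStore(Duration.ofMillis(200));
        String first = store.issue("alice");
        String second = store.rotate(first).orElseThrow();       // normal refresh succeeds
        boolean replay = store.rotate(first).isPresent();         // replay of the old token is rejected
        int revoked = store.revokeAll("alice");                    // also revokes `second`
        boolean afterRevoke = store.rotate(second).isPresent();    // rejected after revokeAll
        System.out.println("replayAccepted=" + replay + " revoked=" + revoked + " acceptedAfterRevoke=" + afterRevoke);
        Thread.sleep(300);                                         // let the rows expire
        System.out.println("rowsSwept=" + store.sweepExpired());
    }
}
```

The design choice worth noting: because the table holds hashes and every refresh rotates the token, the database gives you both the revocation lever the answer mentions and a replay signal, while the scheduled sweep keeps the table bounded without deleting the revoked rows you still need for that signal.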