I have an Android app. It connects with a REST API developed with Jersey. My REST endpoints are secured with tokens. Below is how I generate them.
- How can I figure out whether the token has to be renewed? I thought I should do that after it is expired, but it seems that is not the case. If I ask it to refresh in now
You need to refresh the token before it is expired. Decide your policy:
  * issue a fresh token in every request
  * issue a fresh token when the current one is close to expiring, e.g. 10 min
  * let the client app request a new token when it needs it using a "refresh service" of your API. For example:
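    @GET
    @Path("/jwt/refresh")
    @Produces(MediaType.TEXT_HTML)
    public String refresh() {
        // Build and return a fresh JWT to the client.
        // buildToken() is a placeholder for your existing token-generation code.
        return buildToken();
    }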
- How can I assign and send this token back to the user?
If you issue a fresh token during a request, you can return it in a special header that the client will read during processing of the response. If you publish a "refresh" service as described above, then the client will call it independently when the current JWT is close to expiring.
Redirecting to the login method is not a good alternative because you will lose the current request.
- How do I actually refresh using java-jwt?
Just issue a new token.
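
The second policy from the answer above (issue a fresh token when the current one is within 10 minutes of expiring, and return it in a response header), as an added example that is not part of the original answer. It assumes Auth0's java-jwt library, Jersey 2.x, a token sent as `Authorization: Bearer ...`, an HS256 secret in a hypothetical `JWT_SECRET` environment variable, a 60-minute lifetime and a hypothetical `X-Refreshed-Token` header name.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import javax.ws.rs.container.*;   // Jersey 2.x; use jakarta.ws.rs on Jersey 3.x
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.ext.Provider;
import java.nio.charset.StandardCharsets;
import java.util.Date;

@Provider
public class JwtRefreshFilter implements ContainerResponseFilter {
    // Assumed values, not from the original post
    private static final long LIFETIME_MS = 60 * 60 * 1000L;          // new token lifetime
    private static final long REFRESH_WINDOW_MS = 10 * 60 * 1000L;    // "close to expiring"
    private static final String REFRESH_HEADER = "X-Refreshed-Token"; // hypothetical name

    // Hypothetical secret source; construction throws if the variable is unset
    private final Algorithm algorithm = Algorithm.HMAC256(
            System.getenv("JWT_SECRET").getBytes(StandardCharsets.UTF_8));

    @Override
    public void filter(ContainerRequestContext request, ContainerResponseContext response) {
        String auth = request.getHeaderString(HttpHeaders.AUTHORIZATION);
        if (auth == null || !auth.startsWith("Bearer ") || response.getStatus() >= 400) {
            return; // nothing to refresh, or the request itself was rejected
        }
        try {
            // verify() checks the signature and throws if the token is already expired,
            // so an expired or forged token can never be exchanged for a fresh one
            DecodedJWT current = JWT.require(algorithm).build().verify(auth.substring(7));
            Date expiresAt = current.getExpiresAt();
            if (expiresAt == null) {
                return; // no exp claim: not a token this service issued
            }
            long remainingMs = expiresAt.getTime() - System.currentTimeMillis();
            if (remainingMs < REFRESH_WINDOW_MS) {
                Date now = new Date();
                String fresh = JWT.create()
                        .withSubject(current.getSubject())
                        .withIssuedAt(now)
                        .withExpiresAt(new Date(now.getTime() + LIFETIME_MS))
                        .sign(algorithm);
                response.getHeaders().add(REFRESH_HEADER, fresh);
            }
        } catch (JWTVerificationException e) {
            // invalid or expired token: do not issue a replacement
        }
    }
}
```

Because every refresh extends the session, a token that keeps being used never has to go back through login; cap the total session age (for example with a claim recording the original login time) or keep a server-side revocation list if that matters for your app.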