svlada / springboot-security-jwt

Token-based authentication using Spring Boot and JWT.

how to send refreshToken to the token endpoint?

ppKrauss opened this issue

I have installed springboot-security-jwt at my endpoint (e.g. https://localhost:8080/api/user/register) and it is working fine... it returns a JSON like this:

{
"refreshToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhbmFAZ2cuY29tIiwic2NvcGVzIjpbIlJPTEVfUkVGUkVTSF9UT0tFTiJdLCJpc3MiOiJodHRwOi8vaXphZ3JvLmNvbS5iciIsImp0aSI6ImRkNTgxMTA4LTNhZWEtNDAzMC04NGViLWQzNjc1MmQzMzgwZCIsImlhdCI6MTQ4MTc0Mjg2NCwiZXhwIjoxNDgxNzQ2NDY0fQ.Jj3hnQuMd6Im9AJhmmxaA7ILiERqHuTUf0BYCerWe4ziggvs2PiCfB_3J2f_Gc3hOqY1IgJWJRm_LrTs1UcxwQ",
"token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhbmFAZ2cuY29tIiwic2NvcGVzIjpbIlJPTEVfQ0xJRU5UIl0sImlzcyI6Imh0dHA6Ly9pemFncm8uY29tLmJyIiwiaWF0IjoxNDgxNzQyODYzLCJleHAiOjE0ODE3NzE2NjN9.4nKdiOIzOvVJvvFrO7W_gyqyoexukGaGAG-CWgg4srJoevN7PVKOQfsQXAE3h5ySkabUb-Q-xPsEQO18KSYXWw"
}

But how do I send the refreshToken to the api/auth/token endpoint?
(I do not see any clues in your article)

Using Postman with a POST to https://localhost:8080/api/auth/token with the body

{"refreshToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhbmFAZ2cuY29tIiwic2NvcGVzIjpbIlJPTEVfUkVGUkVTSF9UT0tFTiJdLCJpc3MiOiJodHRwOi8vaXphZ3JvLmNvbS5iciIsImp0aSI6ImRkNTgxMTA4LTNhZWEtNDAzMC04NGViLWQzNjc1MmQzMzgwZCIsImlhdCI6MTQ4MTc0Mjg2NCwiZXhwIjoxNDgxNzQ2NDY0fQ.Jj3hnQuMd6Im9AJhmmxaA7ILiERqHuTUf0BYCerWe4ziggvs2PiCfB_3J2f_Gc3hOqY1IgJWJRm_LrTs1UcxwQ",
}

I get the response

{
  "errorCode": 10,
  "message": "Authentication failed",
  "status": 401,
  "timestamp": 1481753363749
}

@ppKrauss

You'll receive Refresh and Access Tokens upon login:

{
  "token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJzdmxhZGFAZ21haWwuY29tIiwic2NvcGVzIjpbIlJPTEVfQURNSU4iLCJST0xFX1BSRU1JVU1fTUVNQkVSIl0sImlzcyI6Imh0dHA6Ly9zdmxhZGEuY29tIiwiaWF0IjoxNDgyODYzNjkzLCJleHAiOjE0ODI4NjQ1OTN9.S5ni__Bp3jGHx1eT17TFSYAMCMUgHGwoeiTzYGdd9H4kGUXlnDEl7OlSEhp21PT-UabnrlVbLQZUupAOCVS3TQ",
  "refreshToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJzdmxhZGFAZ21haWwuY29tIiwic2NvcGVzIjpbIlJPTEVfUkVGUkVTSF9UT0tFTiJdLCJpc3MiOiJodHRwOi8vc3ZsYWRhLmNvbSIsImp0aSI6ImViZmRlZTczLTJhOTYtNDA4MC05OGE4LTMzYzI3YjRmZGU3OCIsImlhdCI6MTQ4Mjg2MzY5MywiZXhwIjoxNDgyODY3MjkzfQ.lshyy1SsBORYZrp3BIiH8Wn7uVM4OLAsDt0UGnHAJ3ngX_J_aLP7kudw0RPSHszDvhd9KLdjIGUI5lv0RtXtgw"
}

Then you can use the Refresh Token to acquire a new Access Token. Please find an example below:

curl -X GET -H "X-Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJzdmxhZGFAZ21haWwuY29tIiwic2NvcGVzIjpbIlJPTEVfUkVGUkVTSF9UT0tFTiJdLCJpc3MiOiJodHRwOi8vc3ZsYWRhLmNvbSIsImp0aSI6ImViZmRlZTczLTJhOTYtNDA4MC05OGE4LTMzYzI3YjRmZGU3OCIsImlhdCI6MTQ4Mjg2MzY5MywiZXhwIjoxNDgyODY3MjkzfQ.lshyy1SsBORYZrp3BIiH8Wn7uVM4OLAsDt0UGnHAJ3ngX_J_aLP7kudw0RPSHszDvhd9KLdjIGUI5lv0RtXtgw" -H "Cache-Control: no-cache"  "http://localhost:9966/api/auth/token"
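
The request shape from the answer above, as an added example that is not part of the original thread or the project's code: it checks that a token carries the `ROLE_REFRESH_TOKEN` scope (the value in the decoded payload of the refresh tokens posted above) and has not expired, then builds the `GET /api/auth/token` request with the token in the `X-Authorization` header instead of a JSON body. The function names and the unsigned sample token are assumptions constructed for illustration.

```python
import base64
import json
import time
import urllib.request

REFRESH_SCOPE = "ROLE_REFRESH_TOKEN"  # scope found in the refresh tokens on this page
HEADER_NAME = "X-Authorization"       # header used by the curl command above


def jwt_claims(token):
    """Decode the payload WITHOUT verifying the signature (client-side inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def build_refresh_request(refresh_token, base_url, now=None):
    """Build (but do not send) the GET request that exchanges a refresh token."""
    claims = jwt_claims(refresh_token)
    if REFRESH_SCOPE not in claims.get("scopes", []):
        raise ValueError("token lacks ROLE_REFRESH_TOKEN; it looks like an access token")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("refresh token has expired; log in again")
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/auth/token",
        method="GET",  # no request body: the token travels only in the header
        headers={HEADER_NAME: "Bearer " + refresh_token, "Cache-Control": "no-cache"},
    )


def make_sample_token(scopes, exp):
    """Constructed, unsigned sample token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"sub": "user@example.com", "scopes": scopes, "exp": exp}
    return ".".join([enc({"alg": "HS512"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    sample = make_sample_token([REFRESH_SCOPE], int(time.time()) + 3600)
    req = build_refresh_request(sample, "http://localhost:9966")
    print(req.get_method(), req.full_url)
    print(req.header_items())
```

The local scope and expiry checks only avoid a pointless round trip; the server still verifies the signature and decides whether the token is accepted.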