szerhusenBC / jwt-spring-security-demo

A demo for using JWT (Json Web Token) with Spring Security and Spring Boot 2

When must we refresh the token?

r-n-aliev opened this issue · comments

Hello, Stephan! Thank you for the very good demo, it's very useful.
But I've noticed that you invoke the refreshAndGetAuthenticationToken(HttpServletRequest request) method (/refresh-controller) only in tests.
But in real life, when must this method (controller) be called? When and how does the system know that it's time to refresh the token?

I can't find any information about this moment, so decided to ask you.

Stephan, thanks for the project.

Found a mistake in the refresh controller

@RequestMapping(value = "${jwt.route.authentication.refresh}", method = RequestMethod.GET)
public ResponseEntity<?> refreshAndGetAuthenticationToken(HttpServletRequest request) {
    // Drop the first 7 characters of the header value (the length of a "Bearer " prefix)
    String token = request.getHeader(tokenHeader).substring(7);

I have added substring(7) to code.

Hi @r-n-aliev

After a certain time the token will exceed its validation time. After that the token won't be accepted by the server anymore. The client has to decide when to refresh the token. The expiration date is encoded in the token and can be decoded on the client. So the client has the information that is necessary to decide when to perform the refresh.

@RomanNagornyi Thanks for the fix. I will integrate it soon.

Hi! Stephan,
how can we refresh an expired token?

You have to call the endpoint under /refresh with your "old" token and you will receive a new one. Your old token still has to be valid at this time.

Thanks for your quick answer, but I've tried to create an Angular application that consumes the authentication API I stored the token in the local storage every time the client tried to get a resource the interceptor verifies if the token is expired and when it expired I tried to get a refreshed token from the expired token

When the token is expired, it is too late to refresh it because it is not accepted anymore. You have to refresh it before it expires.

A small request from me, please use the dot as a punctuation mark, otherwise your posts are difficult to read ;)

I am sorry for my poor English, thanks for your response :)
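
The thread's conclusion is that the client reads the expiration date from the token and calls /refresh while the token is still valid. The following is an added example, not code from the repository or from any participant: a client-side check of the standard `exp` claim. The function names, the three result strings and the 60-second margin are assumptions, and the sample token is constructed.

```javascript
// Added example: read a JWT's `exp` claim on the client to schedule a refresh.
// Decoding here does NOT verify the signature; it only reads the expiry so the
// client can call the refresh endpoint in time. The server still validates the token.

const REFRESH_MARGIN_SECONDS = 60; // assumption: refresh one minute before expiry

// Decode the payload (second segment) of a compact JWT: header.payload.signature
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  // base64url -> base64; Buffer is Node's decoder, a browser would use atob()
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns "ok", "refresh" (still valid, inside the margin) or "expired"
// (too late to refresh, the user has to authenticate again).
function refreshDecision(token, nowSeconds, marginSeconds = REFRESH_MARGIN_SECONDS) {
  let exp;
  try {
    exp = decodeJwtPayload(token).exp;
  } catch (e) {
    return "expired"; // unreadable token: treat as unusable
  }
  if (typeof exp !== "number") return "expired"; // no expiry claim to plan with
  if (nowSeconds >= exp) return "expired";
  if (nowSeconds >= exp - marginSeconds) return "refresh";
  return "ok";
}

// Constructed sample token (placeholder signature), for demonstration only.
function makeSampleToken(exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256" })}.${enc({ sub: "user", exp })}.constructed-signature`;
}

const now = 1700000000; // constructed "current time", seconds since the epoch
console.log(refreshDecision(makeSampleToken(now + 3600), now)); // ok
console.log(refreshDecision(makeSampleToken(now + 30), now));   // refresh
console.log(refreshDecision(makeSampleToken(now - 1), now));    // expired
```

An interceptor would run this check before each request and call /refresh on "refresh"; on "expired" the only option left is a new login.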