I have created a Spring Boot application using Spring Security and JWT. I want to write a custom method to revoke a JWT token that was created and given to a user.
Is there any way to solve this problem? Please share the solution.
Related
I'm using spring boot oauth2 client for oauth2 purpose. Right now my application is automatically refreshing the access token after the token is expired as I'm using OAuth2AuthorizedClientManager. I wanted to know if there is a way to refresh the access token manually and store the updated token to spring boot credential store so all the APIs can use that.
I have already checked this post which is similar but not duplicate. Refresh OAuth2 access token manually
Appreciate any help.
I am working on a Spring Boot application where existing user authentication is based on Oauth2 with 2FA. Now, I would like to call the APIs in my application from the third-party client as well, say from another service.
Basically, I would like to develop one auth API, where on providing a valid client name, valid API key, and API secret, the client will get an auth token, which will be valid for say 1 hour. Then this auth token can be passed in all successive API invocations until the token expires.
I found a few articles here:
a. Securing Spring Boot API with API key and secret
b. How to secure spring Boot API with API key and secret
c. how to implement api key secure in spring boot?
d. How to config multiple level authentication for spring boot RESTful web service?
But I am not getting any concrete idea of how to achieve this.
Could you please suggest how I can achieve this? Thanks
I need some understanding of the overall flow of Spring Security.
I have implemented an OAuth2 Authorization Server and a Resource Server in the same Spring Boot app, where I am able to generate JWT tokens. A sample REST API in this app is secured and accessible only with a token.
I have another Spring Boot app which should be secured. What should I do in this? Also, I need to read the token in this service to know the role of the user.
Please clarify how to implement step 2.
You can create a module where your spring security config is implemented.
In this module is the class that is annotated with the @EnableWebSecurity annotation, where you define the open routes. I guess you already have a class like this for your sample REST API, mentioned in step 1.
Now every microservice that has to be secured uses this module by importing it, e.g. as a Maven dependency. By this, its API is automatically secured via Spring Security.
Your auth service serves a JWK endpoint where every microservice can verify a token via public key.
I have a JWT token which is RSA256 signed. I need to validate this token in my microservice.
Can anyone give an example of how to implement this using Spring Security?
You can set up a Spring Boot resource server to handle the JWT token and security. Check the Spring documentation for resource server.
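A resource-server configuration of the kind the two answers above describe (keys fetched from the auth service's JWK endpoint, roles read from the token), as an added example that is not code from any of the posts. It assumes Spring Security 6.1+ with `spring-boot-starter-oauth2-resource-server` on the classpath; the property names `auth.jwk-set-uri` and `auth.issuer`, the `roles` claim and the `/admin/**` route are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerSecurityConfig {
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(a -> a
                .requestMatchers("/admin/**").hasRole("ADMIN") // hypothetical route
                .anyRequest().authenticated())                  // no open routes by default
            .oauth2ResourceServer(o -> o.jwt(j -> j.jwtAuthenticationConverter(roleConverter())));
        return http.build();
    }

    // Public keys come from the auth service's JWK endpoint; property names are assumed.
    @Bean
    JwtDecoder jwtDecoder(@Value("${auth.jwk-set-uri}") String jwkSetUri,
                          @Value("${auth.issuer}") String issuer) {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri)
            .jwsAlgorithm(SignatureAlgorithm.RS256).build(); // accept RS256 signatures only
        decoder.setJwtValidator(JwtValidators.createDefaultWithIssuer(issuer)); // timestamps + iss
        return decoder;
    }

    // Maps the assumed "roles" claim to ROLE_* authorities; a missing claim yields no roles.
    private JwtAuthenticationConverter roleConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            List<String> roles = jwt.getClaimAsStringList("roles");
            Collection<GrantedAuthority> out = new ArrayList<>();
            if (roles != null) for (String r : roles) out.add(new SimpleGrantedAuthority("ROLE_" + r));
            return out;
        });
        return converter;
    }
}
```

Pinning the algorithm and issuer in the decoder means a token signed with another algorithm or minted by a different issuer is rejected before any role mapping runs.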
I run my app with Spring Boot using JWT tokens for authentication. I have a filter that checks a token. Also, my app provides REST API documentation with Swagger 2. I don't want my REST API to be public.
So my question is, how can I provide security for Swagger access? And can I provide basic security for it?