-3

I'm working on this Spring Security implementation with OAuth2 and JWT:

According to the author, I can access resources using the token this way:

To access a resource use (you'll need a different application which has configured ResourceServer): `http localhost:8080/users 'Authorization: Bearer '$ACCESS_TOKEN`

About this step:

To use the refresh token functionality: `http --form POST adminapp:password@localhost:9999/oauth/token grant_type=refresh_token refresh_token=$REFRESH_TOKEN`

It's not clear to me when I have to refresh the token and how I can handle this part in my Angular app.

Do I need to implement a timer which would refresh the token from time to time or is there another way to implement this functionality?

ng-hobby
Peter Penzov

1 Answer

0

An Angular based solution would involve these steps:

  • Implement SPA security in the browser
  • Renew tokens silently via iframes
  • Validate tokens in your API

You wouldn't usually implement the Authorization Server yourself - use a low cost cloud provider instead.

It is worth understanding HTTP Messages - step 22 does token refresh.

For a real world approach to SPAs and APIs, see my Visual Tutorial + Code Sample. You could then adapt the code to Angular.

Gary Archer
  • I checked the links but I'm concerned about using `Renew tokens silently via iframes`. Are there other, better solutions? – Peter Penzov Jul 07 '20 at 07:30
  • Iframes are the standard for SPAs and there is nothing better. You use a security library and avoid writing the code yourself - here is [some sample code of mine](https://github.com/gary-archer/authguidance.websample2/tree/master/spa/src/plumbing/oauth). – Gary Archer Jul 07 '20 at 12:19
  • Ok, I will try to implement this solution. – Peter Penzov Jul 07 '20 at 12:28
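
The following added example is not from the thread or the linked projects. It shows renewal on demand instead of a timer: read the JWT's `exp` claim, renew shortly before expiry or after a 401, and share one renewal among concurrent requests. `TokenManager`, `callApi`, `renew` and `send` are hypothetical names; `renew` stands in for whichever renewal mechanism is used (the `grant_type=refresh_token` request from the question or a library's silent renewal).

```javascript
// Added example: `renew` (async () => token) and `send` (async (token) => response)
// are hypothetical callbacks supplied by the application.

// Read `exp` (seconds since epoch) from a JWT payload. This is only used to decide
// when to renew; signature validation remains the API's job.
function jwtExpiry(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const claims = JSON.parse(atob(parts[1].replace(/-/g, '+').replace(/_/g, '/')));
  if (typeof claims.exp !== 'number') throw new Error('JWT has no exp claim');
  return claims.exp;
}

class TokenManager {
  constructor(renew, { skewSeconds = 30, now = () => Date.now() / 1000 } = {}) {
    Object.assign(this, { renew, skew: skewSeconds, now, token: null, exp: 0, inFlight: null });
  }

  set(token) {
    this.exp = jwtExpiry(token); // throws before a malformed token is stored
    this.token = token;
  }

  // Return a token valid for at least `skew` more seconds, renewing first if needed.
  async get() {
    if (this.token && this.now() < this.exp - this.skew) return this.token;
    return this.forceRenew();
  }

  // Concurrent callers share one renewal, so a burst of requests triggers one call.
  forceRenew() {
    if (!this.inFlight) {
      this.inFlight = Promise.resolve()
        .then(() => this.renew())
        .then((t) => { this.set(t); return t; })
        .finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }
}

// A 401 (for example, a token revoked early) triggers one renewal and one retry,
// never a loop.
async function callApi(tokens, send) {
  let res = await send(await tokens.get());
  if (res.status === 401) res = await send(await tokens.forceRenew());
  return res;
}
```

In an Angular app the same logic would typically sit in a service used by an `HttpInterceptor`, with `send` forwarding the request with the `Authorization: Bearer` header.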