How to handle JWT update correctly?

I have an Android app. It connects to a REST API designed with the help of Jersey. The REST endpoints are provided with tokens. The following is the way I generate them.

Algorithm algorithm = Algorithm.HMAC256(secret);
String token = JWT.create()
    .withClaim("username", "myusername") // claim names are case-sensitive; this matches the name the validation code reads
    .withExpiresAt(expirationDate)
    .sign(algorithm);

Below is how I check the token.

public boolean validateTokenHMAC256(String token, String secret) throws UnsupportedEncodingException, JWTVerificationException
{
    Algorithm algorithm = Algorithm.HMAC256(secret);

    JWTVerifier verifier = JWT.require(algorithm)
            .build(); //Reusable verifier instance
    DecodedJWT jwt = verifier.verify(token);

    Claim usernameClaim = jwt.getClaim("username");
    String username = usernameClaim.asString();
    System.out.println(username);

    return true;
}

In my REST API, I have a filter, and this filter checks each request to see if the token is what it is. Below is the code.

@Secured
@Provider
@Priority(Priorities.AUTHENTICATION)
public class AuthenticationFilter implements ContainerRequestFilter{

    //private static String authorizationSecret = "ZXW24xGr9Dqf9sq5Dp8ZAn5nSnuZwux2QxdvcH3wQGqYteJ5yMTw5T8DBUJPbySR";

    public AuthenticationFilter()
    {
        System.out.println("test printing");
    }

    @Override
    public void filter(ContainerRequestContext crc) throws IOException
    {
        String headerString = crc.getHeaderString("Bearer");
        System.out.println("bluh: "+headerString);
        System.out.println("test printing");

        try
        {
            boolean validateToken = validateToken(headerString, AuthKey.authorizationSecret);
            System.out.println("valid");
        }
        catch(Exception e)
        {
            System.out.println("invalid");
            crc.abortWith(
                Response.status(Response.Status.UNAUTHORIZED).build());
        }

    }

    private boolean validateToken(String strToken, String secret) throws UnsupportedEncodingException, JWTVerificationException
    {
        Token token = new Token();
        return token.validateTokenHMAC256(strToken,secret);
    }
}

The above code will be called when the user logs into the application. However, the token will expire after 60 minutes. I know that after the token has expired, I must return the user to enter the screen or update the token. I looked through the tips here and here.

But I do not understand the following.

  • , ? , , , , , . now<exp, .

  • ? , , , . , login (, ) JWT, ?

  • java-jwt?

+1
1
  • , ? , , , , , .

. :

  • , . 10

  • , , " " api.


@GET
@Path("/jwt/refresh")
@Produces(MediaType.TEXT_HTML)
public String refresh(){
    // Build and return a fresh JWT to the client
}
  1. ?

, , . "", , , JWT

,

  1. java-jwt

+2
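
An added example, not part of the original question or answer: one way the logic behind a refresh endpoint such as `/jwt/refresh` could exchange a still-valid token for a fresh one with java-jwt. `TokenRefresher`, its method names and the demo secret are assumptions; the 60-minute lifetime and the `username` claim come from the question.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.Date;

// Added example (not the poster's code); class and method names are hypothetical.
public class TokenRefresher {
    private static final long LIFETIME_MS = 60L * 60 * 1000; // 60 minutes, as in the question
    private final Algorithm algorithm;

    public TokenRefresher(String secret) throws Exception {
        // Older java-jwt releases declare UnsupportedEncodingException on HMAC256.
        this.algorithm = Algorithm.HMAC256(secret);
    }

    // Issues a token for the user that expires LIFETIME_MS after 'now'.
    public String issue(String username, Date now) {
        return JWT.create()
                .withClaim("username", username)
                .withIssuedAt(now)
                .withExpiresAt(new Date(now.getTime() + LIFETIME_MS))
                .sign(algorithm);
    }

    // Exchanges a still-valid token for a fresh one. verify() checks both the
    // signature and the exp claim, so a tampered or expired token throws and
    // the caller answers 401, which sends the user back to the login screen.
    public String refresh(String currentToken) throws JWTVerificationException {
        DecodedJWT jwt = JWT.require(algorithm).build().verify(currentToken);
        String username = jwt.getClaim("username").asString();
        if (username == null) {
            throw new JWTVerificationException("token has no username claim");
        }
        return issue(username, new Date());
    }

    public static void main(String[] args) throws Exception {
        TokenRefresher r = new TokenRefresher("constructed-demo-secret-not-for-production");
        String fresh = r.refresh(r.issue("myusername", new Date()));
        System.out.println("new expiry: " + JWT.decode(fresh).getExpiresAt());
        // Constructed stale token: its exp lies in the past, so it is not renewed.
        String stale = r.issue("myusername", new Date(System.currentTimeMillis() - 2 * LIFETIME_MS));
        try { r.refresh(stale); }
        catch (JWTVerificationException e) { System.out.println("stale token rejected: login required"); }
    }
}
```

Because the refresh path runs the same `verify()` call as the authentication filter, it never extends a token the filter would already reject.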

Source: https://habr.com/ru/post/1672430/

