Implementing Secure Refresh Tokens in Spring Boot | #2 | Spring Boot JWT

Refresh tokens are used to generate new access tokens once the original access token expires. This allows users to stay signed in without re-entering their credentials every time a token expires, improving the user experience. In my last video, I showed how to generate a Refresh Token. In this video, I have discussed how to use it. ✅ *For branding and Business inquiries* ► learnwithiftekhar@gmail.com 🎉 *Get IntelliJ Idea 100% for 3 Months:* https://www.jetbrains.com/store/redeem/ 👉 *Use Promo Code:* LearnWithIfte 👉 *Master programming by recreating your favorite technologies*: https://app.codecrafters.io/join?via=learnwithiftekhar ▶️ JWT Logout: https://youtu.be/OpSU0VgfkL4 ▶️ Refresh Token: https://youtu.be/nvwKwsJg89E 📘 Resources Mentioned: 🧑‍💻 Source Code: https://github.com/hello-iftekhar/springJwt 🔐 *Secure 3 Spring Boot endpoints in 30 minutes (free guide):* https://learnwithiftekhar.kit.com/secure-your-api-in-30-minutes 🙊 Here are the tools and resources I use in my videos: 🌐 Secure your connection with NordVPN: https://nordvpn.sjv.io/o4zYan IDE I use for coding * IntelliJ Idea Ultimate * VsCode * Sublime 🤚 In case you want to contact me: ❌ My LinkedIn profile: https://www.linkedin.com/in/hossain-md-iftekhar/ ❌ Github: https://github.com/learnwithiftekhar *Note:* Some of the links in this description are affiliate links, and I may earn a small commission if you make a purchase through them. Thank you for your support. Contents: 0:00: Setting up the Refresh Token Endpoint and Initial Method Structure 1:16: Implementing Refresh Token Logic: Extracting Token and Authorization Checks 2:46: Extracting Username and Validating User and Refresh Token 4:23: Generating New Access and Refresh Tokens 5:55: Configuring Endpoint Whitelisting and Initial Token Generation Test 7:27: Testing New Access Token and Preparing for 24-Hour Expiration Test 9:02: Demonstrating Refresh Token Usage After Access Token Expiration 10:34: Introducing Logout Invalidation Issue and Database Column Addition 12:11: Modifying Token Model and Service Methods for Refresh Token Storage 13:48: Implementing Refresh Token Validation in JWT Service and Repository 15:29: Final Test: Invalidating Refresh Token on Logout 17:10: Conclusion and Introduction to Asymmetric Signing Algorithms