I have an Angular app with Spring Boot as the backend. I have implemented Spring Security with JWT authentication. The workflow is as follows:
- Angular will call a create-token endpoint, which will return a JWT token.
- The client will use this token for any subsequent API calls.
- There is a filter in the backend which will parse the token and, if it is valid, will allow the user to proceed further.

My question is related to the refresh token. Let's say the expiry of the token is 15 minutes. If the user is logged in, I want the session to be active by generating a refresh token and sending it back to the Angular app. What is the best way of doing this?
I am not using OAuth here, just the jjwt library and the Spring Security starter.