How to properly revoke authorization after token expiration?

  • 0
    There is an authorization service for Spring Security

    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
              .authorizedGrantTypes("password", "authorization_code", "refresh_token")

    Customer available

    public void configure(HttpSecurity http) throws Exception {
                    .antMatchers("/login", "/logout").permitAll()

    The client is authorized and refreshes the authorization without any problems using the refresh_token, but if the refresh_token lifetime has expired, the client continues to consider the user authorized, although the authorization service returned the error "Handling error: InvalidTokenException, Invalid refresh token (expired): eyJhbG ...."

    How do I properly configure authorization so that after the token lifetime expires, the user is redirected to the authorization page?
    Java Anonymous, Oct 28, 2020
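
One way for a client to tie its local login state to the outcome of the refresh call, as an added example that is not part of the original question and not Spring Security's own code. The class names, the session object and the sample responses are hypothetical; that the error code `invalid_token` accompanies the quoted InvalidTokenException is an assumption, and `/login` is the path from the question's HttpSecurity configuration.

```java
import java.util.Optional;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RefreshFailureDemo {

    // Error codes meaning the refresh token can no longer be used. "invalid_grant" is
    // the RFC 6749 code; "invalid_token" is assumed to accompany InvalidTokenException.
    static final Set<String> TERMINAL_ERRORS = Set.of("invalid_grant", "invalid_token");
    static final Pattern ERROR_FIELD = Pattern.compile("\"error\"\\s*:\\s*\"([^\"]+)\"");
    static final Pattern ACCESS_TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");

    /** Hypothetical client-side session: the user counts as logged in only while tokens exist. */
    static class ClientSession {
        String accessToken = "old-access";    // constructed sample values
        String refreshToken = "old-refresh";
        boolean isAuthenticated() { return accessToken != null; }
        void clear() { accessToken = null; refreshToken = null; }
    }

    /** Applies a token-endpoint response; returns a redirect target when re-login is required. */
    static Optional<String> applyRefreshResponse(ClientSession s, int status, String body) {
        String json = body == null ? "" : body;
        Matcher token = ACCESS_TOKEN.matcher(json);
        if (status == 200 && token.find()) {
            s.accessToken = token.group(1);           // refresh succeeded
            return Optional.empty();
        }
        Matcher error = ERROR_FIELD.matcher(json);
        if (status >= 400 && status < 500 && error.find()
                && TERMINAL_ERRORS.contains(error.group(1))) {
            s.clear();                                // stop treating the user as authorized
            return Optional.of("/login");
        }
        return Optional.empty();                      // transient failure: keep state, retry later
    }

    public static void main(String[] args) {
        ClientSession s = new ClientSession();
        // Constructed responses, not captured from a real server.
        System.out.println(applyRefreshResponse(s, 200, "{\"access_token\":\"new-access\"}")
                + " authenticated=" + s.isAuthenticated());
        System.out.println(applyRefreshResponse(s, 503, "") + " authenticated=" + s.isAuthenticated());
        System.out.println(applyRefreshResponse(s, 401,
                "{\"error\":\"invalid_token\",\"error_description\":\"Invalid refresh token (expired)\"}")
                + " authenticated=" + s.isAuthenticated());
    }
}
```

The regular expressions stand in for a JSON parser to keep the example dependency-free; a real client would parse the response body with its JSON library.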

  • 0 Answers