Grab the code here axgr.dev/posts/spring-security-jwt/?

Like somebody would said: "Work like a charm" -Thank you a lot Alex!

Your /login implementation is great♥👍. Whats your opinion about handle /login in different way??. It goes to Manager (to validate username & password) and then going to Provider (to forming jwt). So no need to define /login in controller. That is how I am doing right now but not sure it is good or bad implementation. Because AFAIK in non-webflux security, there is no controller /login needed. So I think it should have same flow with non-webflux.

Thanks Alex, really educative and well presented content, helped me a lot

Thank you for the amazing job. I also want to see you coding spring webflux security using graphql and explaining how to react when the jwt token expires. Thank you.

Hi Alex. Thank you so much for such a clear example. I have some trouble with your code example. When an exception happens while a token is analyzed I receive a 401 HTTP error with the header "WWW-Authorization=Basic realm ...". How can I cause to it to send me the www-autorization=bearer?

@Alex - This is useful to get started. It would be helpful you had covered Oauth2 - Authorization Server, Oauth2 - Resource Server and Oauth2 protected REST resources seperately. If this is too much of asking then ignore :)

are you using record or something new from java 17? Coz the syntax was throwing me off

Hello, when I add firebase auth, the library does not appear. When I add storage, the library appears. Am auth does not appear. Help

how can we throw custom exception when we get token-expired or invalid-signature

hello alex, can you please do it for java

Thanks a lot

Thx you Alex

Super

Hi Alex I tested, the parser of jjwt can automatically throw "io.jsonwebtoken.ExpiredJwtException" when token is expired, so it's unnecessary to check it by user.

this wont work if i using oauth2.resourceserverspec.jwt