JWT Articles
-
How to Implement JWT Refresh Tokens with Spring Security
A guide to issuing, rotating, and revoking access tokens and refresh tokens in Spring Boot, including Redis persistence and reuse detection.
-
Understanding Spring Security CSRF Protection Correctly - Configuration Differences Between REST APIs and Web Applications
Explains why POST requests return 403 in Spring Security from the perspective of how CSRF works. Covers why csrf().disable() is the correct approach for REST APIs and why CSRF protection should be enabled for Thymeleaf form-based apps, with implementation examples using Spring Security 6's Lambda DSL.
-
How to Configure Spring Boot as an OAuth2 Resource Server - Implementing JWT Validation and Scope-Based Authorization
A guide to validating JWTs issued by external IdPs such as Keycloak, Cognito, and Auth0 using Spring Security's resource server features, and implementing scope- and claim-based authorization.
-
Spring Boot JWT Authentication with Spring Security (Tutorial)
Build JWT authentication for a Spring Boot REST API from scratch. Covers token generation, validation, JwtAuthenticationFilter, and SecurityFilterChain configuration with complete code examples.