JWT Articles
-
How to Implement JWT Refresh Tokens with Spring Security
A guide to issuing, rotating, and revoking access tokens and refresh tokens in Spring Boot, including Redis persistence and reuse detection.
-
Understanding Spring Security CSRF Protection Correctly - Configuration Differences Between REST APIs and Web Apps
Fix POST requests returning 403 in Spring Security by understanding the CSRF mechanism. Covers why `csrf().disable()` is correct for REST APIs, the required settings for Thymeleaf forms, and AJAX support via `CookieCsrfTokenRepository.withHttpOnlyFalse()`, with Spring Security 6 Lambda DSL implementation examples.
-
How to Configure Spring Boot as an OAuth2 Resource Server - Implementing JWT Validation and Scope-Based Authorization
A guide to validating JWTs issued by external IdPs such as Keycloak, Cognito, and Auth0 using Spring Security's resource server features, and implementing scope- and claim-based authorization.
-
Spring Boot JWT Authentication with Spring Security (Tutorial)
Build JWT authentication for a Spring Boot REST API from scratch. Covers token generation, validation, JwtAuthenticationFilter, and SecurityFilterChain configuration with complete code examples.