...

| Field | Meaning |
| --- | --- |
| Okay | True if the REST API is up and running; should never return false |
| Authenticated | True if the token is valid, false if there was no token or the token wasn't valid |
| Type | Type of the endpoint, "status" in this case |
| _links | Returns a link to the authenticated eperson |
| _embedded | Embeds the authenticated eperson |


Logout

To log out and invalidate the token, send the token in the Authorization header with the Bearer scheme to the following endpoint:

/api/authn/logout

For example:

curl -v "http://{spring-rest.url}/api/authn/logout" -H "Authorization: Bearer eyJhbG...COdbo"

This will log the user out on every device/browser.

JSON Web Token

The authentication token is a JWT and is base64url encoded. For more information about JWT, see https://jwt.io/introduction/

...

  This method should return a string, which will be used as the key for the claim (for example "eid" for the eperson id claim).

getValue(Context context, HttpServletRequest request): Object

  This method should return the value of the claim. This can be any object, as long as it is Serializable.

parseClaim(Context, HttpServletRequest, JWTClaimSet)

  This method should parse the claim when someone issues a token. In this method you should handle what has to happen with it (for example, setting special groups on the context object).


NOTE: add @Component to your ClaimProviders so Spring can find them.

Refresh Token

When a token is about to expire (which can be checked with the exp claim), you can request a new token with a new expiration time (by default 30 minutes). To do so, send the token to the login endpoint without the "user" and "password" parameters. In response you'll get a freshly issued token (again in the Authorization header of the response).

For example:

curl -v "http://{spring-rest.url}/api/authn/login" -H "Authorization: Bearer eyJhbG...COdbo"
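
The exp check described above, as an added example that is not part of the original page or the project's own code: it decodes the base64url payload of the token to read exp and reports when a refresh is due. It assumes a signed three-part token with a readable payload; the function names, the 300-second margin and the sample token are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment):
    """Decode one base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Read the claim set of a signed JWT without verifying its signature.

    Only for scheduling a refresh on the client; the REST API remains the
    sole judge of whether the token is valid.
    """
    parts = token.split(".")
    if len(parts) != 3:  # assumption: header.payload.signature, not encrypted
        raise ValueError("expected a three-part signed JWT")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def needs_refresh(token, now, margin=300):
    """True when exp (seconds since the epoch) is within `margin` seconds of `now`."""
    exp = jwt_claims(token).get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("token carries no usable exp claim")
    return now >= exp - margin


def make_sample_token(claims):
    """Build a constructed token with a fake signature, for the demo only."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256"}), enc(claims), "c2lnbmF0dXJl"])


# Constructed sample: an "eid" claim plus the default 30-minute lifetime.
ISSUED_AT = 1_700_000_000
SAMPLE = make_sample_token({"eid": "constructed-eperson-id", "exp": ISSUED_AT + 1800})

if __name__ == "__main__":
    print(jwt_claims(SAMPLE))
    print(needs_refresh(SAMPLE, now=ISSUED_AT + 60))    # just issued
    print(needs_refresh(SAMPLE, now=ISSUED_AT + 1600))  # inside the margin
```

When needs_refresh returns true, the client sends the current token to /api/authn/login as shown in the curl command above and replaces it with the one returned in the Authorization header.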