Handling Token Expiration
What is the best way to handle token-expiration in the Authentication provider?
Short description of what I've done: In my Authentication server, I have a props-file that configures the expiration time of the token ( for how long it is valid). I use this property when I create the token (in my implementation of AuthorizationServerTokenServices.createAccessToken () .
In the resource server, I have my MyResourceSrvTokenServices implements ResourceServerTokenServices, that is called by the OAuth2ProtectedResourceFilter. There, (in the loadAuthentication()). I make a validation-check if the token has expired. If expired - I throw "InvalidTokenException".
I see that this exception is caught by OAuth2ExceptionHandlerFilter.
1. Is this the best practice?
2. what suppose to happen on expiration? I thought that I would be redirected to the login screen and asked to enter credentials again.
3. what is exactly "refresh-token" and what is its part in this specific scenario?
I use M6...