Simple Token Authentication for Java Apps

Simple Token Authentication for Java Apps

This article explores the benefits of token authentication with JWTs for Java apps.


"this time including your token (depending on how much time has passed, you may need to request a fresh token):" can time to expiry be fixed per token or its always a constant value?

Matt Raible

You can change the expiry time by setting up a policy rule. By default, the ID and Access Tokens are valid for 60 min and the Refresh is 100 days. https://uploads.disquscdn.c…


I am seeing below error message

additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter’
2021-02-07 07:37:28.531 DEBUG [601f98b8f362e8c4fea5db15157bf77c,fea5db15157bf77c,true] 15420 — [nio-8080-exec-1] p.a.OAuth2AuthenticationProcessingFilter : Authentication request failed: error=“invalid_token”, error_description=“Invalid access token: eyJraWQiOiJzSlBLNlRpbGkxTU0ySzc3VC12RlJ3LVJzSm1LMUhQaVdJdkFYMy1WRUJJIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULlY4SmwxZDdNcmpNT0F1ajJrVzIxUkZENEhHZkRuRWFSWmNTSzBvMVZnbFkiLCJpc3MiOiJodHRwczovL2Rldi00MzY1NzQxLm9rdGEuY29tL29hdXRoMi9kZWZhdWx0IiwiYXVkIjoiYXBpOi8vZGVmYXVsdCIsImlhdCI6MTYxMjY4MTY4OCwiZXhwIjoxNjEyNjg1Mjg4LCJjaWQiOiIwb2FrYWJhN0NDWFkxTFJDNzVkNSIsInNjcCI6WyJjdXN0b21TY29wZSJdLCJzdWIiOiIwb2FrYWJhN0NDWFkxTFJDNzVkNSJ9.wGElBYS60RjIzQJewC7y6wrUnXbzeqLBdsnQpTCxqZYAzp9O0-jTwSii6gabb8uDDt2npOuqUrd0rd4H1JANoD_g1q6eGlXDwzjUovkkHu7C1jaBp4KPMRI87m9YD9a9U7c4wivsP-j69j1CjWkXbGaINpB9f2Hp7-Y9D7_SI0tXuAzUIqsJwTNS48MzccJyWSRjxZGPs_fSVIImFTsRnWvjKawr0UvUHuvYZzT15VqHMUCUf-ybZIF9kcOpaX0CpkXTEOlZv5_KrqRGgaQPKrV68k7gsP5w2aUrL-wAMQh248mHdJmKml3fkmtjbBarUro8k9EPJBMDa5WzhbgO7A”

Matt Raible

Are you using the default authorization server for your issuer? If you use your org’s authorization server, you can’t validate tokens and you’ll get an error similar to the one you posted here. See our Authorization Servers documentation for more information.


Got the same error following this blog.
In my case the problem appeared to be because of using the newest library versions
After removing the deprecated @EnableResourceServer annotation, error disappeared

I am using okta and enabled resourceServer for jwt validation. However when i am sending the token the first request is taking a lot of time to execute almost 1min. The subsequent request takes less then a second.

Are you on a slow internet connection? If you try configuring our okta-spring-boot-sample, does it happen with it too?

I noticed you posted this question on Stack Overflow too. Please don’t post your question in two places. We see them both and it just creates more work for us to answer in both places.