
I created this endpoint to authenticate a user:

```java
// Accepts the credentials DTO and returns the JWT produced by the service
@PostMapping("/authorize")
public String login(@Valid @RequestBody AuthenticationDTO resetDTO) {
    return userRestService.authorize(resetDTO.getName(), resetDTO.getPassword());
}
```

After successful authentication, a token is returned. For example:

```
eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImF1dGgiOlt7ImF1dGhvcml0eSI6IlJPTEVfQURNSU4ifV0sImlhdCI6MTU5MzUzMjE4NiwiZXhwIjoxNTkzNTMyNDg2fQ.gevNLXsfe8F4MnfDZJK5GhhFn0MskoQejfUUqQjh0d_sa-wyloRf2zOQIhBkn1OEDR4ZyRvIhhEtWPrH33cLPg
```

What are the best practices for the format of the DTO returned with the JWT token after authentication? For example, is it a good idea to return the token in a format like

```
{ Bearer eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhZG1pbiIsImF1dGgiOlt7ImF1dGhvcml0eSI6IlJPTEVfQURNSU4ifV0sImlhdCI6MTU5MzUzMjE4NiwiZXhwIjoxNTkzNTMyNDg2fQ.gevNLXsfe8F4MnfDZJK5GhhFn0MskoQejfUUqQjh0d_sa-wyloRf2zOQIhBkn1OEDR4ZyRvIhhEtWPrH33cLPg }
```

What are the good practices in that case?

1 Answer


There is not really a good practice, except that when returning JSON you should always return an object (always wrap arrays, numbers and strings in a top-level object). For your specific use case, you could take the OAuth2 authorization framework as an example and return something like:

```http
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "token_type": "Bearer",
  "expires_in": 3600
}
```
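The following is an added example, not code from the question or the answer, showing how the OAuth2-style response above maps onto the question's Spring endpoint. `AuthenticationDTO` and `userRestService` are taken from the question; the `UserRestService` type name, the `TokenResponse` and `TokenController` classes, and the `jwt.validity-seconds` property (defaulting to 300 seconds, which matches the `iat`/`exp` gap in the question's token) are assumptions made here.

```java
import com.fasterxml.jackson.annotation.JsonProperty;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.CacheControl;
import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

import javax.validation.Valid;

/**
 * Top-level JSON object for the token, so the body is never a bare string
 * and the client does not have to parse a "Bearer xyz" blob. Hypothetical class.
 */
class TokenResponse {
    // Jackson serialises public fields; the annotations give OAuth2 field names
    @JsonProperty("access_token")
    public final String accessToken;

    @JsonProperty("token_type")
    public final String tokenType;

    @JsonProperty("expires_in")
    public final long expiresIn;

    TokenResponse(String accessToken, String tokenType, long expiresIn) {
        this.accessToken = accessToken;
        this.tokenType = tokenType;
        this.expiresIn = expiresIn;
    }
}

@RestController
public class TokenController {
    private final UserRestService userRestService; // type name assumed from the question's field
    private final long validitySeconds;

    public TokenController(UserRestService userRestService,
                           @Value("${jwt.validity-seconds:300}") long validitySeconds) {
        this.userRestService = userRestService;
        this.validitySeconds = validitySeconds;
    }

    @PostMapping("/authorize")
    public ResponseEntity<TokenResponse> login(@Valid @RequestBody AuthenticationDTO authDTO) {
        // Same service call as the question; it still yields the raw JWT string
        String jwt = userRestService.authorize(authDTO.getName(), authDTO.getPassword());

        TokenResponse body = new TokenResponse(jwt, "Bearer", validitySeconds);

        // Mirror the OAuth2 example's headers so the token is not kept by any cache
        return ResponseEntity.ok()
                .cacheControl(CacheControl.noStore())    // Cache-Control: no-store
                .header(HttpHeaders.PRAGMA, "no-cache")  // Pragma: no-cache for HTTP/1.0 caches
                .body(body);
    }
}
```

The client composes the request header itself from the two fields (`Authorization: <token_type> <access_token>`), and `expires_in` lets it refresh before the `exp` claim lapses without decoding the JWT.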