Spring Oauth JWT - Refresh Token

Question

So, I have implemented Spring Oauth2 security with JWT token.

I can get the JWT access_tokens but refresh_token usage is what I don't understand fully. I can use the refresh_token to get new access_token and new refresh_token .

When I want to use the new refresh_token again I get the error which says that this token is invalid. If I use old refresh_token then I get the exception DuplicateKeyException, PreparedStatementCallback; SQL [insert into oauth_access_token (token_id, token, authentication_id, user_name, client_id, authentication, refresh_token) values (?, ?, ?, ?, ?, ?, ?)]; ERROR: duplicate key value violates unique constraint "oauth_access_token_pkey" DuplicateKeyException, PreparedStatementCallback; SQL [insert into oauth_access_token (token_id, token, authentication_id, user_name, client_id, authentication, refresh_token) values (?, ?, ?, ?, ?, ?, ?)]; ERROR: duplicate key value violates unique constraint "oauth_access_token_pkey"

This is DDL of the oauth_access_token table:

CREATE TABLE oauth_access_token (
    token_id varchar(510) NULL DEFAULT NULL::character varying,
    token bytea NULL,
    authentication_id varchar(510) NOT NULL,
    user_name varchar(510) NULL DEFAULT NULL::character varying,
    client_id varchar(510) NULL DEFAULT NULL::character varying,
    authentication bytea NULL,
    refresh_token varchar(510) NULL DEFAULT NULL::character varying,
    CONSTRAINT oauth_access_token_pkey PRIMARY KEY (authentication_id)
)
WITH (
    OIDS=FALSE
);

If I remove the constraint oauth_access_token_pkey then it works fine, but then the the table contains N token rows, instead of 1, and new tokens cant be issued because of the IncorrectResultSizeDataAccessException .

What should I do to make refresh token work?

Answer 1

I solved this "issue" with JwtTokenStore instead of JdbcTokenStore. JWT tokens should be stateless, but I stored them in a database, and that caused the issues.