hi folks, I wrote about enabling authorization on a Kotlin+Spring Boot backend, using JWTs, in case it’s interesting for you: https://hceris.com/authorize-spring-backend-with-jwt-in-kotlin/

I like to do it in a

RememberMeService

personally. Have it create an

AccessTokenAuthentication

.

so the service persists the session?

no - it’s stateless. The

RemembeMeService

in spring is given an opportunity to

Authenticate

a user before the request is processed. Typically by looking at cookies or something - but you can use it to look at a header and pull an access token (jwt) out and Authenticate with that.

oh I see, didn’t know that. Thanks for the tip!