@@ -83,19 +83,16 @@ private String buildToken(String username, String userId, String tokenType, long
8383 * @return Claims if valid, null if invalid (expired or denylisted)
8484 */
8585 public Claims validateToken (String token ) {
86- // Check if the token is blacklisted (invalidated by force logout)
87- if (tokenDenylist .isTokenDenylisted (getJtiFromToken (token ))) {
88- return null ; // Token is denylisted, so return null
89- }
90-
91- // Check if the token is expired
92- if (isTokenExpired (token )) {
93- return null ; // Token is expired, so return null
94- }
95-
96- // If token is not blacklisted and not expired, verify the token signature and return claims
9786 try {
98- return Jwts .parser ().verifyWith (getSigningKey ()).build ().parseSignedClaims (token ).getPayload ();
87+ Claims claims = Jwts .parser ().verifyWith (getSigningKey ()).build ().parseSignedClaims (token ).getPayload ();
88+ String jti = claims .getId ();
89+
90+ // Check if token is denylisted (only if jti exists)
91+ if (jti != null && tokenDenylist .isTokenDenylisted (jti )) {
92+ return null ;
93+ }
94+
95+ return claims ;
9996 } catch (ExpiredJwtException ex ) {
10097
10198 return null ; // Token is expired, so return null
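Review bot: The new denylist check `if (jti != null && tokenDenylist.isTokenDenylisted(jti))` fails open, because a correctly signed token with no `jti` skips the lookup and is returned as valid, so a forced logout can never revoke it. If `buildToken` always sets an id (its body is not visible in this hunk), a missing `jti` should be treated as invalid: `if (jti == null || tokenDenylist.isTokenDenylisted(jti)) { return null; }`. If id-less tokens must stay accepted for compatibility, the comment above the check should say so, and logging that case would make the exception visible to operators. The remaining catch clauses of `validateToken` lie outside this hunk.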
@@ -104,16 +101,6 @@ public Claims validateToken(String token) {
104101 }
105102 }
106103
107- /**
108- * Check if the JWT token is expired
109- * @param token the JWT token
110- * @return true if expired, false otherwise
111- */
112- private boolean isTokenExpired (String token ) {
113- Date expirationDate = getAllClaimsFromToken (token ).getExpiration ();
114- return expirationDate .before (new Date ());
115- }
116-
117104 /**
118105 * Extract claims from the token
119106 * @param token the JWT token