Tags: spring-security, jwt, spring-security-oauth2, encryption-asymmetric

JWT (JWS) - Asymmetric signing and refresh token


I'm struggling with a refresh token

1) Does the asymmetric signing of JWT tokens support the issuing of refresh tokens?

2) Why is my Authorization Server not issuing a refresh token with the configuration below?

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@Configuration
@EnableAuthorizationServer
public class AuthorizationServiceConfig extends AuthorizationServerConfigurerAdapter {

    ...

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        // Chain the custom enhancer with the JWT converter so extra claims are added before signing
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(Arrays.asList(tokenEnhancer, accessTokenConverter()));
        endpoints
                .authenticationManager(authenticationManager)
                .tokenStore(jwtTokenStore())
                .tokenEnhancer(chain)
                .accessTokenConverter(accessTokenConverter())
                .reuseRefreshTokens(false); // issue a fresh refresh token on every refresh
    }

    // Asymmetric key signing: tokens are signed with the private key and verified with the public key
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
            // 2048 bits is the minimum RSA size to use today; the original 1024 is too weak
            keyPairGenerator.initialize(2048, random);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            jwtAccessTokenConverter.setKeyPair(keyPair);
        } catch (Exception e) {
            // Fail fast: without a key pair the converter silently falls back to its default
            // symmetric (HMAC) signing and the asymmetric setup never takes effect
            throw new IllegalStateException("Could not generate the RSA key pair for JWT signing", e);
        }
        return jwtAccessTokenConverter;
    }

    // Stateless store: tokens are decoded and verified from the JWT itself, nothing is persisted
    @Bean
    public JwtTokenStore jwtTokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(jwtTokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        return defaultTokenServices;
    }

}

Solution

  • An authorization server optionally issues a refresh token at the time it issues an access token. The grant types an authorization server might support are: authorization_code, password, client_credentials, implicit, or refresh_token. A Spring OAuth2 Boot application by default provides support for clients for all of the above-listed grant type flows, but as long as you provide your own AuthorizationServerConfigurerAdapter implementation, you need to specify the grant types for clients by overriding configure(ClientDetailsServiceConfigurer clients) of the AuthorizationServerConfigurerAdapter class, as in the following example:

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("your_client_id")
            .secret("your_client_secret_encoded")
            .authorizedGrantTypes("client_credentials", "refresh_token")  // <<--- here
            .scopes("user_info")
            .redirectUris(uri_1, uri_2, uri_n);
    }


    So you will get an access token along with a refresh token now.

    Helpful material: read

    See solution in my 2nd comment.
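As an added example (not the asker's or the answerer's code), the following Java configuration puts the two halves together: RSA-signed JWTs, as in the question, plus a client whose authorizedGrantTypes include refresh_token, which is the fix the answer describes. It goes beyond the answer in two ways a practitioner would want: the key pair is loaded from a keystore instead of being generated on every start-up (so tokens issued before a restart still verify and resource servers can pin the public key), and refresh tokens are rotated and given an explicit lifetime. Everything named here is assumed: the class and package names, the client id and secret, the properties jwt.keystore.path, jwt.keystore.password and jwt.key.alias, a keystore on the classpath holding an RSA key under that alias, and AuthenticationManager and PasswordEncoder beans supplied by the web security configuration.

```java
package example.auth; // hypothetical package name

import java.security.KeyPair;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

/**
 * Added example, not code from the question or the answer. Signs JWTs with an RSA key
 * pair loaded from a keystore and registers a client that is allowed the refresh_token
 * grant. All property names, bean names, the client id and the secret are hypothetical.
 */
@Configuration
@EnableAuthorizationServer
public class RefreshTokenAuthServerConfig extends AuthorizationServerConfigurerAdapter {

    private final AuthenticationManager authenticationManager; // assumed bean from web security config
    private final PasswordEncoder passwordEncoder;             // assumed bean

    @Value("${jwt.keystore.path:jwt.jks}")   // hypothetical property: keystore on the classpath
    private String keystorePath;
    @Value("${jwt.keystore.password}")       // hypothetical property: supplied externally, never hard-coded
    private String keystorePassword;
    @Value("${jwt.key.alias:jwt}")           // hypothetical property
    private String keyAlias;

    public RefreshTokenAuthServerConfig(AuthenticationManager authenticationManager,
                                        PasswordEncoder passwordEncoder) {
        this.authenticationManager = authenticationManager;
        this.passwordEncoder = passwordEncoder;
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
            .withClient("web-client")                              // hypothetical client id
            .secret(passwordEncoder.encode("web-client-secret"))   // hypothetical secret; only its hash is stored
            // Without "refresh_token" here the token endpoint never returns a refresh token,
            // no matter how the token store or token services are configured.
            .authorizedGrantTypes("password", "refresh_token")
            .scopes("read", "write")
            .accessTokenValiditySeconds(600)       // short-lived access token (10 minutes)
            .refreshTokenValiditySeconds(86400);   // refresh token valid for one day
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints
            .authenticationManager(authenticationManager)  // required by the password grant
            .tokenStore(tokenStore())
            .accessTokenConverter(accessTokenConverter())
            .reuseRefreshTokens(false);                    // rotate: every refresh returns a new refresh token
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        // /oauth/token_key publishes only the public key, so resource servers can verify
        // signatures without ever holding the private key.
        security.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        // Persistent key pair from the keystore instead of a fresh one per start-up.
        KeyPair keyPair = new KeyStoreKeyFactory(
                new ClassPathResource(keystorePath), keystorePassword.toCharArray())
                .getKeyPair(keyAlias);
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(keyPair);
        return converter;
    }

    @Bean
    public JwtTokenStore tokenStore() {
        // Stateless store: the refresh token is itself a signed JWT, nothing is persisted.
        return new JwtTokenStore(accessTokenConverter());
    }
}
```

The keystore this assumes can be produced with the JDK's own tool, for example `keytool -genkeypair -alias jwt -keyalg RSA -keysize 2048 -keystore jwt.jks`. Two caveats follow from the design: because JwtTokenStore keeps no state, a refresh token cannot be revoked before it expires unless you add your own denylist, so the rotation and the short lifetimes above are what bound the damage from a leaked token; and the spring-security-oauth2 project used here is end-of-life, so for new services the same setup belongs in Spring Authorization Server.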