diff --git a/.yo-rc.json b/.yo-rc.json
index 3fd51cfa3f4e4bebaf24f119a8ae70a6b88fcea4..4131df4ac84b3180a7785fd8f6d1076d758170e9 100644
--- a/.yo-rc.json
+++ b/.yo-rc.json
@@ -30,14 +30,19 @@
     "clientTheme": "none",
     "clientThemeVariant": "",
     "creationTimestamp": 1593593458485,
-    "testFrameworks": ["protractor"],
+    "testFrameworks": [
+      "protractor"
+    ],
     "jhiPrefix": "jhi",
     "entitySuffix": "",
     "dtoSuffix": "DTO",
     "otherModules": [],
     "enableTranslation": true,
     "nativeLanguage": "en",
-    "languages": ["en", "de"],
+    "languages": [
+      "en",
+      "de"
+    ],
     "blueprints": []
   }
 }
diff --git a/src/main/java/at/ac/uibk/gitsearch/config/SecurityConfiguration.java b/src/main/java/at/ac/uibk/gitsearch/config/SecurityConfiguration.java
index 3a9a6c0ee16569637a39799ab56029b7c4c616c6..654405690ae949bd9d4e0f4b5c44ed5d72c6e135 100644
--- a/src/main/java/at/ac/uibk/gitsearch/config/SecurityConfiguration.java
+++ b/src/main/java/at/ac/uibk/gitsearch/config/SecurityConfiguration.java
@@ -2,10 +2,16 @@ package at.ac.uibk.gitsearch.config;
 
 import static org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
 
+import java.io.IOException;
 import java.net.URI;
+import java.security.Principal;
+import java.util.Collection;
 import java.util.Collections;
 
 import javax.servlet.DispatcherType;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
@@ -19,15 +25,19 @@ import org.springframework.http.MediaType;
 import org.springframework.http.RequestEntity;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
@@ -38,6 +48,9 @@ import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
+import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtDecoders;
@@ -45,6 +58,8 @@ import org.springframework.security.oauth2.jwt.JwtValidators;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
 import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.csrf.CsrfFilter;
 import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
@@ -128,12 +143,12 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
             .deny()
         .and()
             .sessionManagement()
-            // We need a stateful session management here!
-//            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
         .and()
             .authorizeRequests()
             .antMatchers("/oauth2/**").permitAll()
             .antMatchers("/api/authenticate").permitAll()
+            .antMatchers("/api/refreshToken").permitAll()
             .antMatchers("/api/register").denyAll()
             .antMatchers("/api/activate").permitAll()
             .antMatchers("/api/account/reset-password/init").permitAll()
@@ -148,7 +163,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
         .and()
         .apply(securityConfigurerAdapter())
         .and()
-            .oauth2Login()
+            .oauth2Login().successHandler(getAuthenticationSuccessHandler())
         .and()
             .oauth2ResourceServer() // .bearerTokenResolver(bearerTokenResolver)
                 .jwt()
@@ -321,6 +336,120 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     	}
     
 
+    }
+    
+   public AuthenticationSuccessHandler getAuthenticationSuccessHandler() {
+	   SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport successHandler = new SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport(tokenProvider);
+	   return successHandler;
+   }
+    
+    /**
+     * allows for a redirect with a fragment that encodes a short lived JWT-Token
+     * @author Michael Breu
+     *
+     */
+    public static class SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport extends SavedRequestAwareAuthenticationSuccessHandler {
+
+    	protected TokenProvider tokenProvider;
+    	
+    	
+		public SavedRequestAwareAuthenticationSuccessHandlerWithJWTSupport(TokenProvider tokenProvider) {
+			super();
+			this.tokenProvider = tokenProvider;
+		}
+
+
+		@Override
+		protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response,
+				Authentication authentication) {
+			String plainTargetUrl =  super.determineTargetUrl(request, response, authentication);
+			
+			Authentication authenticationForToken = authentication;
+			if (authentication instanceof OAuth2AuthenticationToken) {
+				OAuth2AuthenticationToken oAuthA = (OAuth2AuthenticationToken) authentication;
+				String mail = ((OidcUser) ((OAuth2AuthenticationToken) authentication).getPrincipal()).getEmail();
+				String idToken = oAuthA.getPrincipal().getAttribute("idToken");
+				authenticationForToken = new SimpleAuthentication(new SimplePrincipal(mail), authentication.getAuthorities());
+				authenticationForToken.setAuthenticated(authentication.isAuthenticated());
+			}
+			String token = tokenProvider.createToken(authenticationForToken, 200000L); // 200 secs (for Debugging)
+			return plainTargetUrl + "#requestToken=" + token;
+		}
+    	
+		
+		
+    }
+    
+    public static class SimplePrincipal implements Principal {
+
+    	protected String name;
+    	
+    	
+		public SimplePrincipal(String name) {
+			super();
+			this.name = name;
+		}
+
+		@Override
+		public String getName() {
+			return name;
+		}
+    	
+    }
+    
+    public static class SimpleAuthentication implements Authentication {
+
+    	/**
+		 * 
+		 */
+		private static final long serialVersionUID = -791646857551363545L;
+
+		private Principal principal;
+
+		Collection<? extends GrantedAuthority> authorities;
+
+    	public SimpleAuthentication(Principal principal, Collection<? extends GrantedAuthority> authorities) {
+			super();
+			this.principal = principal;
+			this.authorities = authorities;
+		}
+
+		@Override
+		public String getName() {
+			return principal.getName();
+		}
+
+		@Override
+		public Collection<? extends GrantedAuthority> getAuthorities() {
+			return authorities;
+		}
+
+		@Override
+		public Object getCredentials() {
+			return null;
+		}
+
+		@Override
+		public Object getDetails() {
+			return null;
+		}
+
+		@Override
+		public Object getPrincipal() {
+			return principal;
+		}
+
+		private boolean authenticated = false;
+		@Override
+		public boolean isAuthenticated() {
+			return authenticated;
+		}
+
+		@Override
+		public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
+			authenticated = isAuthenticated;
+		}
+    	
     }
 }
 
diff --git a/src/main/java/at/ac/uibk/gitsearch/security/jwt/TokenProvider.java b/src/main/java/at/ac/uibk/gitsearch/security/jwt/TokenProvider.java
index 3fad284bf1dfb48c9dca8d5ad454eb30720e9431..0486112392b9f7c021351d9610ccbf1a3efc019b 100644
--- a/src/main/java/at/ac/uibk/gitsearch/security/jwt/TokenProvider.java
+++ b/src/main/java/at/ac/uibk/gitsearch/security/jwt/TokenProvider.java
@@ -60,26 +60,41 @@ public class TokenProvider {
                 .getTokenValidityInSecondsForRememberMe();
     }
 
+    /**
+     * creates a token for authentication with validity determined by rememberMe.
+     * @param authentication
+     * @param rememberMe
+     * @return
+     */
     public String createToken(Authentication authentication, boolean rememberMe) {
-        String authorities = authentication.getAuthorities().stream()
+        long validity = rememberMe
+        		?tokenValidityInMillisecondsForRememberMe
+        		:tokenValidityInMilliseconds;
+
+        return createToken(authentication, validity);
+    }
+
+    /**
+     * creates a token from authentication given by validity (im msec)
+     * @param authentication the authentication
+     * @param validity validity in msec
+     * @return
+     */
+	public String createToken(Authentication authentication, long validity) {
+        Date endTime = new Date(System.currentTimeMillis() + validity);
+
+		String authorities = authentication.getAuthorities().stream()
             .map(GrantedAuthority::getAuthority)
             .collect(Collectors.joining(","));
 
-        long now = (new Date()).getTime();
-        Date validity;
-        if (rememberMe) {
-            validity = new Date(now + this.tokenValidityInMillisecondsForRememberMe);
-        } else {
-            validity = new Date(now + this.tokenValidityInMilliseconds);
-        }
 
         return Jwts.builder()
             .setSubject(authentication.getName())
             .claim(AUTHORITIES_KEY, authorities)
             .signWith(key, SignatureAlgorithm.HS512)
-            .setExpiration(validity)
+            .setExpiration(endTime)
             .compact();
-    }
+	}
 
     public Authentication getAuthentication(String token) {
         Claims claims = Jwts.parserBuilder()
diff --git a/src/main/java/at/ac/uibk/gitsearch/web/rest/UserJWTController.java b/src/main/java/at/ac/uibk/gitsearch/web/rest/UserJWTController.java
index aef04b589c81c4485349813ea6f58a1444a51b58..b209d27ca69cde8fa171522ec1e227f003bb3083 100644
--- a/src/main/java/at/ac/uibk/gitsearch/web/rest/UserJWTController.java
+++ b/src/main/java/at/ac/uibk/gitsearch/web/rest/UserJWTController.java
@@ -47,6 +47,21 @@ public class UserJWTController {
         httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
         return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
     }
+    
+    @PostMapping("/refreshToken")
+    public ResponseEntity<JWTToken> authorize(@RequestParam("token") String token) {
+    	if(!tokenProvider.validateToken(token)) {
+    		return new ResponseEntity<>(null, HttpStatus.UNAUTHORIZED);
+    	} else {
+    		 Authentication authentication = tokenProvider.getAuthentication(token);
+   	         SecurityContextHolder.getContext().setAuthentication(authentication);
+   	        String jwt = tokenProvider.createToken(authentication, false);
+   	        HttpHeaders httpHeaders = new HttpHeaders();
+   	        httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
+   	        return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
+    	}
+    }
+    
     /**
      * Object to return as body in JWT Authentication.
      */
diff --git a/src/main/webapp/app/core/auth/auth-jwt.service.ts b/src/main/webapp/app/core/auth/auth-jwt.service.ts
index 5fb3e6f8e0cd68227f1c3deff604f6580d5b57c9..90564bb460fd02593b34e28c9495763c24bd100d 100644
--- a/src/main/webapp/app/core/auth/auth-jwt.service.ts
+++ b/src/main/webapp/app/core/auth/auth-jwt.service.ts
@@ -1,5 +1,5 @@
 import { Injectable } from '@angular/core';
-import { HttpClient } from '@angular/common/http';
+import { HttpClient, HttpParams } from '@angular/common/http';
 import { Observable } from 'rxjs';
 import { map } from 'rxjs/operators';
 import { LocalStorageService, SessionStorageService } from 'ngx-webstorage';
@@ -25,6 +25,13 @@ export class AuthServerProvider {
       .pipe(map(response => this.authenticateSuccess(response, credentials.rememberMe)));
   }
 
+  refreshToken(tokenX: string): Observable<void> {
+	const tokenParam = new HttpParams().set('token', tokenX);
+    return this.http
+      .post<JwtToken>(SERVER_API_URL + 'api/refreshToken', tokenParam )
+      .pipe(map(response => this.authenticateSuccess(response, false)));
+	}
+
   logout(): Observable<void> {
     return new Observable(observer => {
       this.$localStorage.clear('authenticationToken');
diff --git a/src/main/webapp/app/layouts/main/main.component.ts b/src/main/webapp/app/layouts/main/main.component.ts
index a9c86b649cd2c2cc5eda0e9c5f48826251b1d3ba..f3e0be547b23a6121f2321c5ef1bff38f89e6111 100644
--- a/src/main/webapp/app/layouts/main/main.component.ts
+++ b/src/main/webapp/app/layouts/main/main.component.ts
@@ -4,6 +4,7 @@ import { Router, ActivatedRouteSnapshot, NavigationEnd, NavigationError } from '
 import { TranslateService, LangChangeEvent } from '@ngx-translate/core';
 
 import { AccountService } from 'app/core/auth/account.service';
+import { AuthServerProvider } from 'app/core/auth/auth-jwt.service';
 
 @Component({
   selector: 'jhi-main',
@@ -17,7 +18,8 @@ export class MainComponent implements OnInit {
     private titleService: Title,
     private router: Router,
     private translateService: TranslateService,
-    rootRenderer: RendererFactory2
+    rootRenderer: RendererFactory2,
+	private authServerProvider: AuthServerProvider
   ) {
     this.renderer = rootRenderer.createRenderer(document.querySelector('html'), null);
   }
@@ -40,8 +42,39 @@ export class MainComponent implements OnInit {
 
       this.renderer.setAttribute(document.querySelector('html'), 'lang', langChangeEvent.lang);
     });
+
+	this.routeEvent(this.router);
   }
 
+	private routeEvent(router: Router):void {
+	  router.events.subscribe(e => {
+	    if(e instanceof NavigationEnd){
+	      this.checkRequestToken();
+	    }
+	  });
+}
+  private checkRequestToken(): void {
+	const fr = this.router.parseUrl(this.router.url).fragment;
+	
+		if(fr) {
+			 const regexp = /requestToken=(\w+)/;
+			if(regexp.test(fr)) {
+				const token = fr.replace(regexp, "$1");
+				if(token && token.length> 20)
+					this.authServerProvider.refreshToken(token)
+			      .subscribe(
+			        () => {
+						this.accountService.identity(true).subscribe();
+			            this.router.navigate(['']);
+			        },
+			        () => {
+						 const xxx = "abc";
+						}
+			      );			}
+		}
+    }
+  
+
   private getPageTitle(routeSnapshot: ActivatedRouteSnapshot): string {
     let title: string = routeSnapshot.data && routeSnapshot.data['pageTitle'] ? routeSnapshot.data['pageTitle'] : '';
     if (routeSnapshot.firstChild) {