This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.3.4!

OAuth 2.0 Resource Server

Spring Security supports protecting endpoints by offering two forms of OAuth 2.0 Bearer Tokens:

  • JWT

  • Opaque Tokens

This is handy in circumstances where an application has delegated its authority management to an authorization server (for example, Okta or Ping Identity). Resource serves can consult this authorization server to authorize requests.

A complete working example for JWT is available in the Spring Security repository.