my question about new Spring-Security-Authorization-Server
, i create auth-server and resource-server, and generating public and private keys in auth-server. I set jwkSetUri in resource-server, can't understand how resource-server checks token. Who understood how the verification principle works, how should I implement it correctly?
My purpose get correct implementation of new auth server and resource server.
I found the answer after reading the book how to work with asymmetric keys, we generate a token based on public and private keys in the auth-server
, and we have an address for the public key /oauth2/jwks
with which the resource-server
checks whether this jwt is really generated by auth-server