
Spring Security Authorization Server


My question is about the new Spring Security Authorization Server. I created an auth-server and a resource-server, and I generate public and private keys in the auth-server. I set jwkSetUri in the resource-server, but I can't understand how the resource-server checks the token. Can someone who understands how the verification principle works explain how I should implement it correctly?

My goal is to get a correct implementation of the new auth server and resource server.


Solution

  • I found the answer after reading the book on how to work with asymmetric keys: we generate a token based on public and private keys in the auth-server, and we have an address for the public key, /oauth2/jwks, with which the resource-server checks whether this JWT was really generated by the auth-server.
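
The verification principle described in the answer, as an added example that is not part of the original post and is not Spring's own code: it uses only the JDK to sign a token with the private key and to check it with nothing but the `n` and `e` values a JWK set document exposes. The class name, helper names and claims are constructed for illustration, and only the signature check is shown (a resource server also validates claims such as expiry and issuer).

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.*;

public class JwksVerificationDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }
    // JWK "n" and "e" are unsigned big-endian integers, so drop BigInteger's leading sign byte.
    static String b64(BigInteger v) {
        byte[] b = v.toByteArray();
        return ENC.encodeToString(b.length > 1 && b[0] == 0 ? Arrays.copyOfRange(b, 1, b.length) : b);
    }

    // Authorization server side: sign "header.payload" with the PRIVATE key (RS256).
    static String issue(PrivateKey privateKey, String claimsJson) throws GeneralSecurityException {
        String input = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64(claimsJson);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(privateKey);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(s.sign());
    }

    // Resource server side: rebuild the PUBLIC key from the JWK values and check the signature.
    static boolean verify(String jwt, String n, String e) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(
                new RSAPublicKeySpec(new BigInteger(1, DEC.decode(n)), new BigInteger(1, DEC.decode(e))));
        Signature s = Signature.getInstance("SHA256withRSA"); // algorithm is pinned, not taken from the header
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        return s.verify(DEC.decode(p[2]));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair authServerKeys = gen.generateKeyPair(); // the private half never leaves the auth server
        RSAPublicKey pub = (RSAPublicKey) authServerKeys.getPublic();
        String n = b64(pub.getModulus()), e = b64(pub.getPublicExponent()); // the values /oauth2/jwks publishes
        String jwt = issue(authServerKeys.getPrivate(), "{\"sub\":\"alice\",\"scope\":\"read\"}"); // constructed claims
        String altered = jwt.substring(0, jwt.indexOf('.') + 1) + b64("{\"sub\":\"alice\",\"scope\":\"admin\"}")
                + jwt.substring(jwt.lastIndexOf('.'));
        System.out.println("genuine token verifies: " + verify(jwt, n, e));
        System.out.println("altered claims verify:  " + verify(altered, n, e));
    }
}
```

The resource server never holds the private key, so it can confirm who issued a token but cannot mint one itself.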