Spring Security Authorization Server

Question

my question about new Spring-Security-Authorization-Server, i create auth-server and resource-server, and generating public and private keys in auth-server. I set jwkSetUri in resource-server, can't understand how resource-server checks token. Who understood how the verification principle works, how should I implement it correctly?

My purpose get correct implementation of new auth server and resource server.

score 0 · Accepted Answer · answered Nov 24 '22 at 08:01

I found the answer after reading the book how to work with asymmetric keys, we generate a token based on public and private keys in the auth-server, and we have an address for the public key /oauth2/jwks with which the resource-server checks whether this jwt is really generated by auth-server

Spring Security Authorization Server

1 Answers1