This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.1.12!

OAuth 2.0 Resource Server

Spring Security supports protecting endpoints using two forms of OAuth 2.0 Bearer Tokens:

  • JWT

  • Opaque Tokens

This is handy in circumstances where an application has delegated its authority management to an authorization server (for example, Okta or Ping Identity). This authorization server can be consulted by resource servers to authorize requests.

A complete working example for JWTs is available in the Spring Security repository.