spring-security/docs/modules/ROOT/pages/reactive/oauth2/resource-server/index.adoc

[[webflux-oauth2-resource-server]]
= OAuth 2.0 Resource Server

Spring Security supports protecting endpoints using two forms of OAuth 2.0 https://tools.ietf.org/html/rfc6750.html[Bearer Tokens]:

* https://tools.ietf.org/html/rfc7519[JWT]
* Opaque Tokens

This is handy in circumstances where an application has delegated its authority management to an https://tools.ietf.org/html/rfc6749[authorization server] (for example, Okta or Ping Identity).
This authorization server can be consulted by resource servers to authorize requests.

[NOTE]
====
A complete working example for {gh-samples-url}/reactive/webflux/java/oauth2/resource-server[*JWTs*]  is available in the {gh-samples-url}[Spring Security repository].
====
Separate Resource Server Reactive Docs Issue gh-10367 2021-10-29 13:06:38 -06:00			`[[webflux-oauth2-resource-server]]`
			`= OAuth 2.0 Resource Server`

			`Spring Security supports protecting endpoints using two forms of OAuth 2.0 https://tools.ietf.org/html/rfc6750.html[Bearer Tokens]:`

			`* https://tools.ietf.org/html/rfc7519[JWT]`
			`* Opaque Tokens`

			`This is handy in circumstances where an application has delegated its authority management to an https://tools.ietf.org/html/rfc6749[authorization server] (for example, Okta or Ping Identity).`
			`This authorization server can be consulted by resource servers to authorize requests.`

			`[NOTE]`
			`====`
			`A complete working example for {gh-samples-url}/reactive/webflux/java/oauth2/resource-server[JWTs] is available in the {gh-samples-url}[Spring Security repository].`
			`====`