Polish Resource Server JWT Docs

Issue gh-5935
Josh Cummings 2020-03-24 15:35:03 -06:00
parent 8872d8b7d0
commit dcacd06360
GPG Key ID: 49EF60DD7FF83443
1 changed files with 3 additions and 3 deletions

@ -77,12 +77,12 @@ So long as this scheme is indicated, Resource Server will attempt to process the
Given a well-formed JWT, Resource Server will: Given a well-formed JWT, Resource Server will:
1. Validate its signature against a public key obtained from the `jwks_url` endpoint during startup and matched against the JWTs header 1. Validate its signature against a public key obtained from the `jwks_url` endpoint during startup and matched against the JWT
2. Validate the JWTs `exp` and `nbf` timestamps and the JWTs `iss` claim, and 2. Validate the JWT's `exp` and `nbf` timestamps and the JWT's `iss` claim, and
3. Map each scope to an authority with the prefix `SCOPE_`. 3. Map each scope to an authority with the prefix `SCOPE_`.
[NOTE] [NOTE]
As the authorization server makes available new keys, Spring Security will automatically rotate the keys used to validate the JWT tokens. As the authorization server makes available new keys, Spring Security will automatically rotate the keys used to validate JWTs.
The resulting `Authentication#getPrincipal`, by default, is a Spring Security `Jwt` object, and `Authentication#getName` maps to the JWT's `sub` property, if one is present. The resulting `Authentication#getPrincipal`, by default, is a Spring Security `Jwt` object, and `Authentication#getName` maps to the JWT's `sub` property, if one is present.