JWT Authentication with OAuth2 Resource Server and an external Authorization Server

Using Spring Boot’s inbuilt OAuth2 Resource Server to authenticate a REST API using JWTs issued by an external Authorization Server

Imesha Sudasingha
Geek Culture

--

Previously I had written about,

In those approaches, the JWT was issued by the REST API itself. When implementing SSO and enterprise solutions, JWTs are issued by an external authorization server. Therefore in this article, we are going to authenticate a Spring Boot REST API using JWTs issued by an external Authorization Server. Adhering to the best practice, we are going to use the Spring Boot’s inbuilt OAuth2 Resource Server to achieve that.

Update (18/01/2023): Update the article to use Spring Boot 3.

Update (17/01/2023): Updated the article to use Spring Boot 2.7.x. WebSecurityConfigurerAdapter had been deprecated and a bean of type SecurityFilterChain has been advised to be used instead. Source available at https://github.com/IMS94/spring-boot-jwt-auth-server/tree/spring-boot-2.7.x

--

--

Responses (4)