JWT Authentication with OAuth2 Resource Server and an external Authorization Server

Using Spring Boot’s inbuilt OAuth2 Resource Server to authenticate a REST API using JWTs issued by an external Authorization Server

Imesha Sudasingha
Geek Culture


Previously I had written about,

In those approaches, the JWT was issued by the REST API itself. When implementing SSO and enterprise solutions, JWTs are issued by an external authorization server. Therefore, in this article, we are going to authenticate a Spring Boot REST API using JWTs issued by an external Authorization Server. Following best practice, we are going to use Spring Boot’s inbuilt OAuth2 Resource Server to achieve that.

Update (18/01/2023): Updated the article to use Spring Boot 3.

Update (17/01/2023): Updated the article to use Spring Boot 2.7.x. WebSecurityConfigurerAdapter has been deprecated, and a bean of type SecurityFilterChain is recommended instead. Source available at https://github.com/IMS94/spring-boot-jwt-auth-server/tree/spring-boot-2.7.x
