Skip to content

Spring 5 Oauth2 – How to provide the check token URL in my Resource server?

I need some help..

I set up an AuthorizationServer using @EnableAuthorizationServer from Spring-security-oauth2 for grant type “client_credentials”. Able to create, check tokens and everything good with this.

/oauth/token
/oauth/checkToken

Followed this sample for Authorization server

I have a separate project that has the REST APIs to be secured. I can’t use @EnableResourceServer because that project uses Spring 5.2.8 and the spring-security-oauth2 2.5 is causing conflicts (because it uses 4.x Spring jars and excluding them is causing more issues) while deploying over Weblogic, so I am using this sample.

Now in this sample how do I just provide a Checktoken url. This sample wants a JWT json type of file but I dont have it. I just want to keep it simple and use the checktoken url of the authorization server I created, similar to how @EnableResourceServer works.(like provided here except without @EnableResourceServer)

Where do I provide that? Any immediate help appreciated.

Answer

I ended up using the JWT sample Spring had provided, which gets the JWT public keys for verification on the resource server. Follow the auth and resource server provided in Spring source sample project.

Works good so far until we migrate to a better IDM solution