To be able to run tests locally and fully automated with APIs that are secured using OAuth 2.0 and OpenID Connect, we will add an OAuth 2.0-based authorization server to our system landscape. Spring Security 5.1 does not, unfortunately, provide an authorization server out of the box. But there is a legacy project (currently in maintenance mode), Spring Security OAuth, that provides an authorization server that we can use.
In fact, in the samples provided by Spring Security 5.1, a project using the authorization server from Spring Security OAuth is available. It is configured to use JWT-encoded access tokens, and it also exposes an endpoint for a JSON Web Key Set (JWKS) (part of the OpenID Connect Discovery standard), a set of keys containing the public keys that can be used by resource servers...