In the previous recipe, you learned how to generate JWT access tokens at the Authorization Server side. Now it's time to know how to validate any given JWT access token that is symmetrically signed at the Resource Server side. When the client tries to access any OAuth 2.0 protected resource with a JWT, the Resource Server has to use the same signing key used by an Authorization Server to sign the payload, to verify if the content was not changed between requests by any malicious client or user.
Validating JWT tokens at the Resource Server side
Getting ready
To run this recipe, you will create a Spring Boot application with Java 8, Maven, Spring Web, and Spring Security. To ease the project creation step, use Spring Initializr...