In the previous recipe, you learned how to generate JWT access tokens at the Authorization Server side using asymmetric keys. Now it's time to learn how to validate an asymmetrically signed JWT access token at the Resource Server side. Instead of statically configuring the key used to validate the access token, the Resource Server will retrieve the public key through the /oauth2/token_key endpoint provided by the Authorization Server. This gives flexibility to the OAuth Provider and helps with maintainability.
To run this recipe, you will need to create a Spring Boot project for the Resource Server using Java 8, Maven, Spring Web, and Spring Security. Some dependencies will be presented in the How to do it... section.
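The check that the Resource Server ends up performing with the retrieved key can be sketched with the JDK alone. This is an added example, not the recipe's code: the class name is hypothetical, the key pair and tokens are constructed in `main` so it runs offline, and it assumes the public key arrives as PEM text (this section does not show the endpoint's response).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class TokenKeyVerifyExample { // hypothetical name, JDK classes only
    // Turn the PEM text published by the Authorization Server into an RSA public key.
    static PublicKey parsePem(String pem) throws GeneralSecurityException {
        String b64 = pem.replaceAll("-----(BEGIN|END) PUBLIC KEY-----", "").replaceAll("\\s", "");
        return KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(b64)));
    }
    // Accept a token only if it is RS256 and its signature covers "header.payload".
    static boolean verify(String jwt, PublicKey key) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        try {
            String hdr = new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
            // Pin the algorithm so "none" or HS256 tokens are refused (use a JSON parser in real code).
            if (!hdr.replaceAll("\\s", "").contains("\"alg\":\"RS256\"")) return false;
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(key);
            sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            return sig.verify(Base64.getUrlDecoder().decode(p[2]));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed Base64 or signature encoding
        }
    }

    static String b64url(byte[] in) { return Base64.getUrlEncoder().withoutPadding().encodeToString(in); }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the Authorization Server: throwaway key pair and token.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String pem = "-----BEGIN PUBLIC KEY-----\n"
                + Base64.getMimeEncoder(64, new byte[]{'\n'}).encodeToString(kp.getPublic().getEncoded())
                + "\n-----END PUBLIC KEY-----";
        String head = b64url("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String body = b64url("{\"user_name\":\"constructed\"}".getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
        String jwt = head + "." + body + "." + b64url(signer.sign());
        // Same signature, different claims: must fail against the retrieved key.
        String altered = head + "." + b64url("{\"user_name\":\"other\"}".getBytes(StandardCharsets.UTF_8))
                + "." + jwt.split("\\.")[2];
        System.out.println("genuine token valid: " + verify(jwt, parsePem(pem)));
        System.out.println("altered token valid: " + verify(altered, parsePem(pem)));
    }
}
```

Signature verification alone does not make a token acceptable; claims such as expiry and audience still need their own checks.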