In the previous recipe, you learned how to generate JWT access tokens at the Authorization Server side. Now it's time to know how to validate any given JWT access token that is symmetrically signed at the Resource Server side. When the client tries to access any OAuth 2.0 protected resource with a JWT, the Resource Server has to use the same signing key used by an Authorization Server to sign the payload, to verify if the content was not changed between requests by any malicious client or user.
To run this recipe, you will create a Spring Boot application with Java 8, Maven, Spring Web, and Spring Security. To ease the project creation step, use Spring Initializr at http://start.spring.io/ and define the dependencies as Web
and Security
(that will declare properly all the Spring Boot starters needed for this recipe).