spring-security/docs/modules/ROOT/pages/reactive/oauth2/resource-server/index.adoc

[[webflux-oauth2-resource-server]]
= OAuth 2.0 Resource Server

Spring Security supports protecting endpoints using two forms of OAuth 2.0 https://tools.ietf.org/html/rfc6750.html[Bearer Tokens]:

* https://tools.ietf.org/html/rfc7519[JWT]
* Opaque Tokens

This is handy in circumstances where an application has delegated its authority management to an https://tools.ietf.org/html/rfc6749[authorization server] (for example, Okta or Ping Identity).
This authorization server can be consulted by resource servers to authorize requests.

[NOTE]
====
A complete working example for {gh-samples-url}/reactive/webflux/java/oauth2/resource-server[*JWTs*]  is available in the {gh-samples-url}[Spring Security repository].
====