spring-security/docs/modules/ROOT/pages/reactive/oauth2/resource-server/index.adoc

[[webflux-oauth2-resource-server]]
= OAuth 2.0 Resource Server

Spring Security supports protecting endpoints by offering two forms of OAuth 2.0 https://tools.ietf.org/html/rfc6750.html[Bearer Tokens]:

* https://tools.ietf.org/html/rfc7519[JWT]
* Opaque Tokens

This is handy in circumstances where an application has delegated its authority management to an https://tools.ietf.org/html/rfc6749[authorization server] (for example, Okta or Ping Identity).
Resource servers can consult this authorization server to authorize requests.

[NOTE]
====
A complete working example for {gh-samples-url}/reactive/webflux/java/oauth2/resource-server[JWT]  is available in the {gh-samples-url}[Spring Security repository].
====