Lesson 14 - Using Opaque Tokens - Introspection
Tony Lim
2022. 5. 9. 13:23
Two servers will be created: an authentication server and a resource server.
The first withClient is the real app client; the second withClient is for the resource server (faking it as a client, to satisfy "isAuthenticated()").
First, get an access token from the authentication server.
Checking the access token manually -> we don't need to do this, because the resource server is configured to do it by writing the following in application.properties:
server.port=9090
security.oauth2.resource.token-info-uri=http://localhost:8080/oauth/check_token
security.oauth2.client.client-id=resourceserver
security.oauth2.client.client-secret=12345
Using the access token -> call the resource server -> the resource server validates the token by delegating the check to the authentication server -> we are now granted access to the resource server.
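
The delegation step above, as an added example in Python (not code from the original lesson, which relies on Spring's configuration): a stand-in check_token endpoint plus the call the resource server makes to it with the client-id and client-secret from application.properties. The token value, user name and the endpoint's response bodies are constructed assumptions.

```python
import base64, hmac, json, threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CLIENTS = {"resourceserver": "12345"}  # client-id / client-secret from the page
TOKENS = {"constructed-opaque-token": {"active": True, "user_name": "demo-user"}}  # constructed

class CheckToken(BaseHTTPRequestHandler):
    """Assumed stand-in for the authentication server's /oauth/check_token."""
    log_message = lambda self, *args: None  # keep the demo quiet
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode("utf-8", "replace"))
        try:  # the caller must authenticate as a registered client (HTTP Basic)
            scheme, blob = self.headers.get("Authorization", "").split(" ", 1)
            cid, _, secret = base64.b64decode(blob).decode().partition(":")
        except ValueError:
            scheme, cid, secret = "", "", ""
        known = scheme == "Basic" and cid in CLIENTS
        if not known or not hmac.compare_digest(CLIENTS[cid].encode(), secret.encode()):
            return self.reply(401, {"error": "unauthorized"})
        token = form.get("token", [""])[0]
        if token not in TOKENS:  # opaque token: only the issuer can say what it means
            return self.reply(400, {"error": "invalid_token"})
        self.reply(200, TOKENS[token])
    def reply(self, status, obj):
        data = json.dumps(obj).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def start_auth_server():
    """Start the stand-in on a free local port; returns (server, check_token URL)."""
    srv = HTTPServer(("127.0.0.1", 0), CheckToken)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}/oauth/check_token"

def introspect(token, url, client_id, client_secret):
    """Resource-server side: return the token's claims, or None (fail closed)."""
    cred = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"token": token}).encode()
    req = urllib.request.Request(url, data=body, headers={"Authorization": "Basic " + cred})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass env proxies
    try:
        with opener.open(req, timeout=5) as resp:
            claims = json.loads(resp.read())
    except (OSError, ValueError):  # 4xx/5xx, unreachable server, or malformed JSON
        return None
    return claims if isinstance(claims, dict) and claims.get("active") is True else None
```

Every request to the resource server costs one call to the authentication server, and the token is rejected whenever that call fails.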