Andy Wilkinson
commit
6a74f63143
|
|
@ -201,8 +201,21 @@ For JWT configuration, a JWK Set URI or OIDC Issuer URI needs to be specified, a
|
|||
NOTE: If the authorization server does not support a JWK Set URI, you can configure the resource server with the Public Key used for verifying the signature of the JWT.
|
||||
This can be done using the configprop:spring.security.oauth2.resourceserver.jwt.public-key-location[] property, where the value needs to point to a file containing the public key in the PEM-encoded x509 format.
|
||||
|
||||
The same properties are applicable for both servlet and reactive applications.
|
||||
The configprop:spring.security.oauth2.resourceserver.jwt.audiences[] property can be used to specifify the expected values of the aud claim in JWTs.
|
||||
For example, to require JWTs to contain an aud claim with the value `my-audience`:
|
||||
|
||||
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
||||
----
|
||||
spring:
|
||||
security:
|
||||
oauth2:
|
||||
resourceserver:
|
||||
jwt:
|
||||
audiences:
|
||||
- "my-audience"
|
||||
----
|
||||
|
||||
The same properties are applicable for both servlet and reactive applications.
|
||||
Alternatively, you can define your own `JwtDecoder` bean for servlet applications or a `ReactiveJwtDecoder` for reactive applications.
|
||||
|
||||
In cases where opaque tokens are used instead of JWTs, you can configure the following properties to validate tokens through introspection:
|
||||
|
|
@ -220,7 +233,6 @@ In cases where opaque tokens are used instead of JWTs, you can configure the fol
|
|||
----
|
||||
|
||||
Again, the same properties are applicable for both servlet and reactive applications.
|
||||
|
||||
Alternatively, you can define your own `OpaqueTokenIntrospector` bean for servlet applications or a `ReactiveOpaqueTokenIntrospector` for reactive applications.
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue