an endpoint that returns a set of JSON Web Keys(JWKs), you can configure security.oauth2.resource.jwk.key-set- uri. E.g. on PWS: $ curl https://uaa.run.pivotal.io/token_keys {"keys":[{"kid":"key-1","alg":"RS256" Configuring both JWT and JWK properties will cause an error. Only one of security.oauth2.resource.jwt.key-uri (or security.oauth2.resource.jwt.key-value) and security.oauth2.resource.jwk.key-set-uri should be configured. Warning If you use the security.oauth2.resource.jwt.key-uri or security.oauth2.resource.jwk.key-set-uri, the authorization server needs to be running when your application starts up. It will

an endpoint that returns a set of JSON Web Keys(JWKs), you can configure security.oauth2.resource.jwk.key-set- uri. E.g. on PWS: $ curl https://uaa.run.pivotal.io/token_keys {"keys":[{"kid":"key-1","alg":"RS256" Configuring both JWT and JWK properties will cause an error. Only one of security.oauth2.resource.jwt.key-uri (or security.oauth2.resource.jwt.key-value) and security.oauth2.resource.jwk.key-set-uri should be configured. Warning If you use the security.oauth2.resource.jwt.key-uri or `security.oauth2.resource.jwk.key-set-uri, ` the authorization server needs to be running when your application starts up. It will

an endpoint that returns a set of JSON Web Keys(JWKs), you can configure security.oauth2.resource.jwk.key-set- uri. E.g. on PWS: $ curl https://uaa.run.pivotal.io/token_keys {"keys":[{"kid":"key-1","alg":"RS256" Configuring both JWT and JWK properties will cause an error. Only one of security.oauth2.resource.jwt.key-uri (or security.oauth2.resource.jwt.key-value) and security.oauth2.resource.jwk.key-set-uri should be configured. Warning If you use the security.oauth2.resource.jwt.key-uri or `security.oauth2.resource.jwk.key-set-uri, ` the authorization server needs to be running when your application starts up. It will

an endpoint that returns a set of JSON Web Keys(JWKs), you can configure security.oauth2.resource.jwk.key-set- uri. E.g. on PWS: $ curl https://uaa.run.pivotal.io/token_keys {"keys":[{"kid":"key-1","alg":"RS256" Configuring both JWT and JWK properties will cause an error. Only one of security.oauth2.resource.jwt.key-uri (or security.oauth2.resource.jwt.key-value) and security.oauth2.resource.jwk.key-set-uri should be configured. Warning If you use the security.oauth2.resource.jwt.key-uri or `security.oauth2.resource.jwk.key-set-uri, ` the authorization server needs to be running when your application starts up. It will

an endpoint that returns a set of JSON Web Keys(JWKs), you can configure security.oauth2.resource.jwk.key-set- uri. E.g. on PWS: $ curl https://uaa.run.pivotal.io/token_keys {"keys":[{"kid":"key-1","alg":"RS256" Configuring both JWT and JWK properties will cause an error. Only one of security.oauth2.resource.jwt.key-uri (or security.oauth2.resource.jwt.key-value) and security.oauth2.resource.jwk.key-set-uri should be configured. Warning If you use the security.oauth2.resource.jwt.key-uri or `security.oauth2.resource.jwk.key-set-uri, ` the authorization server needs to be running when your application starts up. It will

an endpoint that returns a set of JSON Web Keys(JWKs), you can configure security.oauth2.resource.jwk.key-set- uri. E.g. on PWS: $ curl https://uaa.run.pivotal.io/token_keys {"keys":[{"kid":"key-1","alg":"RS256" Configuring both JWT and JWK properties will cause an error. Only one of security.oauth2.resource.jwt.key-uri (or security.oauth2.resource.jwt.key-value) and security.oauth2.resource.jwk.key-set-uri should be configured. Warning If you use the security.oauth2.resource.jwt.key-uri or `security.oauth2.resource.jwk.key-set-uri, ` the authorization server needs to be running when your application starts up. It will

an endpoint that returns a set of JSON Web Keys(JWKs), you can configure security.oauth2.resource.jwk.key-set- uri. E.g. on PWS: $ curl https://uaa.run.pivotal.io/token_keys {"keys":[{"kid":"key-1","alg":"RS256" Configuring both JWT and JWK properties will cause an error. Only one of security.oauth2.resource.jwt.key-uri (or security.oauth2.resource.jwt.key-value) and security.oauth2.resource.jwk.key-set-uri should be configured. Warning If you use the security.oauth2.resource.jwt.key-uri or `security.oauth2.resource.jwk.key-set-uri, ` the authorization server needs to be running when your application starts up. It will

user-info- uri=http://my-auth-server/userinfo spring.security.oauth2.client.provider.my-oauth-provider.jwk-set- uri=http://my-auth-server/token_keys spring.security.oauth2.client.provider.my-oauth-provider can set up an OAuth2 Resource Server as long as a JWK Set URI is specified, as shown in the following example: spring.security.oauth2.resource.jwt.jwk.set- uri=https://example.com/oauth2/default/v1/keys SECURITY OAUTH2 RESOURCE SERVER (OAuth2ResourceServerProperties) spring.security.oauth2.resource.jwt.jwk.set-uri= # JSON Web Key URI to use to verify the JWT token. # ----------------------------------------

my-oauth-provider.user-info- authentication-method=header spring.security.oauth2.client.provider.my-oauth-provider.jwk-set- uri=http://my-auth-server/token_keys spring.security.oauth2.client.provider.my-oauth-provider OAuth2 Resource Server as long as a JWK Set URI or OIDC Issuer URI is specified, as shown in the following examples: spring.security.oauth2.resourceserver.jwt.jwk-set- uri=https://example.com/oauth2/default/v1/keys OAUTH2 RESOURCE SERVER (OAuth2ResourceServerProperties) spring.security.oauth2.resourceserver.jwt.jwk-set-uri= # JSON Web Key URI to use to verify the JWT token. spring.security.oauth2.resourceserver

my-oauth-provider.user-info- authentication-method=header spring.security.oauth2.client.provider.my-oauth-provider.jwk-set- uri=http://my-auth-server/token_keys spring.security.oauth2.client.provider.my-oauth-provider OAuth2 Resource Server as long as a JWK Set URI or OIDC Issuer URI is specified, as shown in the following examples: spring.security.oauth2.resourceserver.jwt.jwk-set- uri=https://example.com/oauth2/default/v1/keys OAUTH2 RESOURCE SERVER (OAuth2ResourceServerProperties) spring.security.oauth2.resourceserver.jwt.jwk-set-uri= # JSON Web Key URI to use to verify the JWT token. spring.security.oauth2.resourceserver