Using and customizing spring-security-oauth2-resource-server with Spring Boot
As you might know, the old spring-security-oauth2-autoconfigure was deprecated and replaced by spring-security-oauth2-resource-server. Here I will try to demonstrate how to use it in a typical setup: web server (as a client, using authorization_code grant type) - authorization server - resource server, with some customization (loading additional properties from the check_token and user info endpoints). The Authorization Server A lot has been going on in the spring framework about this, so I am not going to put much details here. You can use any authorization server implementation, including the deprecated one from spring-security-oauth2 or the new one spring-security-oauth2-authorization-server or any other non-spring implementation, that follows the oauth 2.0/2.1 specification. All of the following examples are based on spring-boot and using spring-security. The Resource Server Dependencies <dependency> <groupId> org.springframework.security </groupId> <