# OAuth 2.0 Resource Server

Spring Security supports protecting endpoints using two forms of OAuth 2.0 Bearer Tokens (opens new window):

This is handy in circumstances where an application has delegated its authority management to an authorization server (opens new window) (for example, Okta or Ping Identity). This authorization server can be consulted by resource servers to authorize requests.

A complete working example for JWTs (opens new window) is available in the Spring Security repository (opens new window).

OAuth2 Authorized ClientsJWT