# OAuth 2.0 Resource ServerSpring Security supports protecting endpoints using two forms of OAuth 2.0 [Bearer Tokens](https://tools.ietf.org/html/rfc6750.html):*[JWT](https://tools.ietf.org/html/rfc7519)* Opaque TokensThis is handy in circumstances where an application has delegated its authority management to an [authorization server](https://tools.ietf.org/html/rfc6749)(for example, Okta or Ping Identity).This authorization server can be consulted by resource servers to authorize requests.| |A complete working example for [**JWTs**](https://github.com/spring-projects/spring-security-samples/tree/5.6.x/reactive/webflux/java/oauth2/resource-server) is available in the [Spring Security repository](https://github.com/spring-projects/spring-security-samples/tree/5.6.x).||---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|[OAuth2 Authorized Clients](../client/authorized-clients.html)[JWT](jwt.html)