# OAuth 2.0 Resource Server

Spring Security supports protecting endpoints using two forms of OAuth 2.0 [Bearer Tokens](https://tools.ietf.org/html/rfc6750.html):

* [JWT](https://tools.ietf.org/html/rfc7519)

* Opaque Tokens

This is handy in circumstances where an application has delegated its authority management to an [authorization server](https://tools.ietf.org/html/rfc6749) (for example, Okta or Ping Identity).
This authorization server can be consulted by resource servers to authorize requests.

|   |A complete working example for [**JWTs**](https://github.com/spring-projects/spring-security-samples/tree/5.6.x/reactive/webflux/java/oauth2/resource-server) is available in the [Spring Security repository](https://github.com/spring-projects/spring-security-samples/tree/5.6.x).|
|---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|

[OAuth2 Authorized Clients](../client/authorized-clients.html)[JWT](jwt.html)