In a Spring Boot application, I have an OAuth2 Authorization/Resource servers. Based on this and Spring Security, I have secured my Spring MVC REST API endpoints.
In
This tutorial shows how to achieve exactly that (if I understood the problem correctly) : having an auth server issuing your own oauth2 tokens based on external oauth2 authentication. The corresponding code is available here.
The gist of it is that you use @EnableOAuth2Client
in addition to @EnableAuthorizationServer
and insert an OAuth2ClientAuthenticationProcessingFilter
filter before spring security default ones.