Hi everyone,
We’ve set up a Jmix 2.4 application as an authorization server using the password grant type to issue access tokens. We have another Jmix 1.5 project that needs to consume APIs secured by these tokens.
We added configurations in the application.properties file of the Jmix 1.5 project:
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://localhost:8080/oauth2/jwks
spring.security.oauth2.resourceserver.opaque-token.client-id=myapp
spring.security.oauth2.resourceserver.opaque-token.client-secret=mysecret
However, we’re encountering an “invalid token” error. This is because Jmix 1.5 attempts to retrieve the token from its internal oauth_access_token table.
We want to customize Jmix 1.5 to validate access tokens from the Jmix 2.4 authorization server when making API calls. This solution should be compatible with both Jmix and non-Jmix clients.
We’d appreciate any solutions or approaches to achieve this integration.
Additionally, we’d like to understand how to handle this scenario if Jmix 2.4 remains the authorization server but the client is a non-Jmix platform.
Thank you for your time and assistance.