no message

src/main/java/com/arrokoth/standalone/authorization/config/AuthorizationServerAutoConfigurer.java

@@ -43,11 +43,19 @@ public class AuthorizationServerAutoConfigurer {
         authorizationServerConfigurer.authorizationEndpoint(
                 authorizationEndpoint -> authorizationEndpoint.consentPage(authorizationServerProperties.getConsentPage()));
 
+        http
+                .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+                // 仅匹配 OAuth2 授权服务器端点（如 /oauth2/authorize, /token 等）
+                .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
+                .with(authorizationServerConfigurer, (authorizationServer) ->
+                        authorizationServer
+                                .oidc(Customizer.withDefaults())    // Initialize `OidcConfigurer`
+                );
+
         // 开始构建 HTTP 安全配置
         http
                 .csrf(AbstractHttpConfigurer::disable) // 暂时禁用 CSRF 保护（可根据需要启用）
-                // 仅匹配 OAuth2 授权服务器端点（如 /oauth2/authorize, /token 等）
+
-                .securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
                 // 请求授权规则：所有匹配该过滤链的请求都必须经过身份验证
                 .authorizeHttpRequests((authorize) -> authorize
                         .anyRequest().authenticated()

src/main/java/com/arrokoth/standalone/authorization/config/JwkConfig.java

@@ -0,0 +1,53 @@
+package com.arrokoth.standalone.authorization.config;
+
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
+import com.nimbusds.jose.jwk.source.JWKSource;
+import com.nimbusds.jose.proc.SecurityContext;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.UUID;
+
+@Slf4j // 使用 Lombok 提供的日志记录器
+@Configuration // 标记为 Spring 配置类
+public class JwkConfig {
+    private static KeyPair generateRsaKey() {
+        KeyPair keyPair;
+        try {
+            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+            keyPairGenerator.initialize(2048);
+            keyPair = keyPairGenerator.generateKeyPair();
+        } catch (Exception ex) {
+            throw new IllegalStateException(ex);
+        }
+        return keyPair;
+    }
+
+    @Bean
+    public JWKSource<SecurityContext> jwkSource() {
+        KeyPair keyPair = generateRsaKey();
+        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
+        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
+        RSAKey rsaKey = new RSAKey.Builder(publicKey)
+                .privateKey(privateKey)
+                .keyID(UUID.randomUUID().toString())
+                .build();
+        JWKSet jwkSet = new JWKSet(rsaKey);
+        return new ImmutableJWKSet<>(jwkSet);
+    }
+
+    @Bean
+    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
+        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
+    }
+
+}