
The default OAuth2 implementation in Spring Security issues a JSESSIONID, making it a stateful implementation. Does Spring Security support the OAuth2 workflow in a stateless manner, say via JWTs?

Note: I am looking for the "Authorization Code Grant" workflow, which involves obtaining an access_token (a token obtained by the server via a secret exchange between the server and the protected resource (e.g., the OAuth provider's API)) - perhaps a JWT whose load contains an encrypted access_token (over and above the JWT's encryption/hashing mechanism)?

I am looking for a stateless alternative to a guide similar to the one below: https://spring.io/guides/tutorials/spring-boot-oauth2/#_social_login_authserver

takrishna

0 Answers