Typically, an authorization server would be a different server from the application where the API is exposed. To keep things simple, we will make our current API server act both as the resource server and as the authorization server.
The following code snippet shows how we can enable our application to act as the resource and authorization server:
@EnableResourceServer @EnableAuthorizationServer ...