In the Chapter 4, Authentication Using CAS and JAAS, we went through the reactive Spring WebFlux web application framework in detail. We also looked into a lot of the reactive programming support provided by the Spring Framework and other Spring modules. Knowingly or unknowingly, we created a reactive REST API in the previous chapter's example sections. We used a handler and router mechanism for creating a RESTful application and also secured it using the BASIC authentication mechanism.

We saw the workings of WebClient (a reactive way of calling REST APIs, as opposed to using a blocking RestTemplate) and WebTestClient (a reactive way of writing test cases). We also saw the workings of Spring Data in a reactive way using MongoDB as the persistent store.

We will not go through these aspects here; we will only mention that, if you wish, you can make yourself comfortable with this topic by going through the section in Chapter 4, Authentication Using CAS and JAAS. In this chapter, we will cover where we left off from the previous chapter by getting to REST API security using the JWT, and then going through REST API security using OAuth (implementing a custom provider as opposed to using public providers, such as Google, Facebook, and so on).