Configuring the authorization server

The authorization server is a configuration class. In it, we set up the grant types: a grant type is the way a client obtains an access token on behalf of the end user. This server's configuration wires in the client details service and the token service, and it is also responsible for globally enabling or disabling parts of the mechanism. Now, create an authorization server class named AuthorizationServerConfig.kt.

Here's the code for AuthorizationServerConfig.kt:

import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Configuration
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer

@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfig : AuthorizationServerConfigurerAdapter() {

    // Authenticates the end user's credentials for the password grant
    @Autowired
    lateinit var authenticationManager: AuthenticationManager

    // Used to hash the client secret so it is never stored in plain text
    @Autowired
    lateinit var passwordEncoder: BCryptPasswordEncoder

    @Throws(Exception::class)
    override fun configure(security: AuthorizationServerSecurityConfigurer?) {
        // Only authenticated callers may use the check-token endpoint
        security!!.checkTokenAccess("isAuthenticated()")
    }

    @Throws(Exception::class)
    override fun configure(clients: ClientDetailsServiceConfigurer?) {
        clients!!
            .inMemory()
            .withClient("client")
            .secret(passwordEncoder.encode("secret"))
            .authorizedGrantTypes("password")
            .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
            .scopes("read", "write", "trust")
            .resourceIds("oauth2-resource")
            .accessTokenValiditySeconds(5000) // access token is valid for 5000 seconds (about 83 minutes)
    }

    @Throws(Exception::class)
    override fun configure(endpoints: AuthorizationServerEndpointsConfigurer?) {
        // The token endpoint uses this manager to verify the user's credentials
        endpoints!!.authenticationManager(authenticationManager)
    }
}

The @EnableAuthorizationServer annotation enables the features of the OAuth 2.0 authorization server mechanism. You need to add the @Configuration annotation to make it the configuration class.

This class extends AuthorizationServerConfigurerAdapter, which in turn extends ResourceServerConfigurer. This makes it possible to override and configure AuthorizationServerConfigurer. There are three overloads of configure():

  • ClientDetailsServiceConfigurer: This defines the details service of a client.
  • AuthorizationServerSecurityConfigurer: This defines the security constraints on the token endpoint.
  • AuthorizationServerEndpointsConfigurer: This defines the authorization and token endpoints and the token services.

According to our code, in configure(security: AuthorizationServerSecurityConfigurer?), we define the access rule for the check-token endpoint: with isAuthenticated(), only authenticated callers may check a token.

In configure(clients: ClientDetailsServiceConfigurer?), we define the ClientDetails service. In this project, we didn't use a database, so we use an in-memory implementation of the ClientDetails service. Here are the important attributes of the client:

  • withClient(): This is required and is where we define the client ID, "client".
  • secret(): This is required for trusted clients and is where we define the secret, "secret". The secret must be stored encoded, so we inject BCryptPasswordEncoder to encode it.
  • authorizedGrantTypes(): We have used the "password" grant type, which is the grant the client is authorized to use.
  • scopes(): The scopes limit the client's access to resources. If the scope is undefined or empty, the client isn't limited by scope. Here, we use "read", "write", and "trust".
  • authorities(): This grants authorities (roles) to the client.
  • resourceIds(): This optional value names the resource the token is issued for.
  • accessTokenValiditySeconds(): This sets how long an issued access token stays valid.

In configure(endpoints: AuthorizationServerEndpointsConfigurer?), we configure the authorization endpoint, which supports the grant type. We inject AuthenticationManager and attach it via AuthorizationServerEndpointsConfigurer so the password grant can verify the user's credentials.
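AuthorizationServerConfig injects two beans that the class itself does not declare: a BCryptPasswordEncoder and an AuthenticationManager. The following companion configuration, an added example and not code from the book, provides both, with the class name WebSecurityConfig and the in-memory user "user"/"password" as constructed assumptions:

```kotlin
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

// Hypothetical companion class (not from the book): supplies the beans that
// AuthorizationServerConfig @Autowires.
@Configuration
@EnableWebSecurity
class WebSecurityConfig : WebSecurityConfigurerAdapter() {

    // Same encoder type the authorization server injects to hash the client
    // secret; reused here so user passwords are hashed the same way.
    @Bean
    fun passwordEncoder(): BCryptPasswordEncoder = BCryptPasswordEncoder()

    // Expose the AuthenticationManager as a bean; without this, the
    // @Autowired field in AuthorizationServerConfig cannot be satisfied.
    @Bean
    @Throws(Exception::class)
    override fun authenticationManagerBean(): AuthenticationManager =
        super.authenticationManagerBean()

    // End user whose credentials the password grant verifies.
    // "user"/"password" are constructed sample values for this example.
    @Throws(Exception::class)
    override fun configure(auth: AuthenticationManagerBuilder) {
        auth.inMemoryAuthentication()
            .passwordEncoder(passwordEncoder())
            .withUser("user")
            .password(passwordEncoder().encode("password"))
            .roles("USER")
    }
}
```

With both classes on the classpath, the token endpoint can authenticate the "user" credentials for the password grant and the client secret is stored only as a bcrypt hash.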
