I created a project as an Authorization Server using spring-security-oauth2, and created another project as a Resource Server using spring-security-oauth2-resource-server. Some of the Resource Server config is:

spring:
  security:
    oauth2:
      resourceserver:
        opaquetoken:
          client-id: client1
          client-secret: 123456
          introspection-uri: ${AuthorizationServerHost}/oauth/check_token

My operation:

1. Log in to the Authorization Server and get the token, e.g. IxPuO7hA9jVMWF08UI6HmDkizME=
2. Access the resource server API, but I always get the exception:

org.springframework.security.authentication.AuthenticationServiceException: 400 : [{"error":"invalid_token","error_description":"Token was not recognised"}]

-- Debug

I found this call chain:

org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter#doFilterInternal
  org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver#resolve
    org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver#resolveFromAuthorizationHeader

The real token is IxPuO7hA9jVMWF08UI6HmDkizME=, but this code returns IxPuO7hA9jVMWF08UI6HmDkizME (the '=' at the end is gone). This causes /oauth/check_token to always return the invalid_token error.

-- Question

Is there a problem with the way I use it, or is it something else? Thanks.


dependency:

<dependency>
    <groupId>org.springframework.security.oauth.boot</groupId>
    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
    <version>2.3.1.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-oauth2-resource-server</artifactId>
    <version>5.3.3.RELEASE</version>
</dependency>

Comment From: eleftherias

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements.

Briefly, you are using modules that are part of the deprecated Spring Security OAuth project.
You can view the OAuth 2.0 migration guide if you are migrating a legacy application, or check out the Spring Security samples if you are getting started with a new project.
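
Added example, not part of the issue thread and not Spring Security's code: the symptom reported above (the trailing '=' missing from the resolved token) is what a bearer-header regex produces when the `*"="` padding of the RFC 6750 `b64token` grammar is matched outside the capture group. Both patterns and the class name `BearerPaddingDemo` are constructed for illustration, and that this is the cause in the reporter's version is an assumption.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BearerPaddingDemo {

    // RFC 6750 section 2.1:
    //   b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
    // Constructed pattern: the padding is matched but sits OUTSIDE the capture group,
    // so the captured token loses its trailing '=' characters.
    static final Pattern LOSSY = Pattern.compile(
            "^Bearer (?<token>[a-zA-Z0-9._~+/-]+)=*$", Pattern.CASE_INSENSITIVE);

    // Constructed pattern: the padding is part of the captured token.
    static final Pattern PRESERVING = Pattern.compile(
            "^Bearer (?<token>[a-zA-Z0-9._~+/-]+=*)$", Pattern.CASE_INSENSITIVE);

    /** Returns the token captured from an Authorization header value, or null if it does not match. */
    static String resolve(Pattern pattern, String authorizationHeader) {
        if (authorizationHeader == null) {
            return null;
        }
        Matcher m = pattern.matcher(authorizationHeader);
        return m.matches() ? m.group("token") : null;
    }

    public static void main(String[] args) {
        // Token value quoted in the issue; an opaque token must reach the
        // introspection endpoint byte-for-byte as it was issued.
        String issued = "IxPuO7hA9jVMWF08UI6HmDkizME=";
        String header = "Bearer " + issued;

        for (Pattern p : new Pattern[] {LOSSY, PRESERVING}) {
            String resolved = resolve(p, header);
            System.out.printf("%-45s -> %-30s equalsIssued=%b%n",
                    p.pattern(), resolved, issued.equals(resolved));
        }
    }
}
```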