I want to find an article or spec that clearly sets out the approach of using JWTs issued by an Authentication Server to secure a Resource Server. The page at JSON Web Token Introduction - jwt.io describes this and provides a diagram in the section “How do JSON Web Tokens work?”. However, it does not go into much detail.
I understand how the approach works myself, but would like to be able to point to an external resource that describes it when communicating this to others. However, most online articles about JWT describe the scenario where the same server is generating the JWT and validating it (i.e. there is no separate Authentication Server vs Resource Server). I’ve found guides for how to implement this using Auth0 as the Authentication Server, but I’m looking for a description of the concept, not an implementation guide for using Auth0 specifically.
Can anyone point me to an article that describes, in detail, the approach of using a separate Authentication Server & Resource Server?