Where is hmpps-auth being set as the Authorization Server?

How does the prison-api specify hmpps-auth as its OAuth 2.0 authorization server? Where exactly in the code or configuration files I mean?

Or if you're doing it by Spring Security's auto-configuration, can you share a link to the Spring Security documentation that describes that auto-configuration? Please? I've Googled. But I couldn't find anything.

I'm aware of a few different ways provided by Spring Security for a resource server to configure what authorization server it will delegate OAuth 2.0 authorization to.

Specify it in application.yaml (or application.properties):

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://idp.example.com/issuer

Specify it using the DSL:

@EnableWebSecurity
public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
    protected void configure(HttpSecurity http) {
        http
            .authorizeRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt
                    .jwkSetUri("https://idp.example.com/.well-known/jwks.json")
                )
            );
    }
}

I can't see anywhere in any prison-api file where the authorization server is set. Apart from this dev profile configurations I found in the project:

spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          public-key-location: classpath:local-public-key.pub

And this test resource:

spring.security.oauth2.resourceserver.jwt.jwk-set-uri: http://localhost:9090/auth/.well-known/jwks.json

Thank you in advance.

ministryofjustice / prison-api

Where is hmpps-auth being set as the Authorization Server? #910