I’d like to use JSON Web Token (JWT) with a React and Spring Boot application. As I understand it, with a single-page app (SPA) I must use the implicit grant flow. Should this be the case, how can I configure Okta’s authorization server to issue a JWT rather than a session token? If sending a JWT to the SPA is not possible, is there another mechanism to acquire a JWT for the SPA, e.g. submit the session token to Okta’s authorization server for a JWT?
Further, assuming the SPA is able to acquire a JWT, how should one validate the JWT? Do the following libraries provide validation capabilities?
Or will I additionally need