Java 大佬帮忙看看为啥我生成的 access token 和 refresh token 一样？

代码如下：

@Configuraton public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()) .csrf((crsf) -> crsf.ignoringRequestMatchers("/token")) .httpBasic(Customizer.withDefaults()) .oauth2ResourceServer((resourceServer) -> resourceServer.jwt(Customizer.withDefaults())) .sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) .exceptionHandling((exceptions) -> exceptions .authenticationEntryPoint(new BearerTokenAuthenticationEntryPoint()) .accessDeniedHandler(new BearerTokenAccessDeniedHandler()) ); return http.build(); } @Bean public UserDetailsService userDetailsService() { return new InMemoryUserDetailsManager( User.withUsername("user") .password("{noop}123") .authorities("app") .build() ); } @Bean @Primary public JWKSource<SecurityContext> jwkSource() { KeyPair keyPair = generateRsaKey(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); RSAKey rsaKey = new RSAKey.Builder(publicKey) .privateKey(privateKey) .keyID(UUID.randomUUID().toString()) .build(); JWKSet jwkSet = new JWKSet(rsaKey); return new ImmutableJWKSet<>(jwkSet); } @Bean @Qualifier("refreshJwkSource") public JWKSource<SecurityContext> refreshJwkSource() { KeyPair keyPair = generateRsaKey2(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); RSAKey rsaKey = new RSAKey.Builder(publicKey) .privateKey(privateKey) .keyID(UUID.randomUUID().toString()) .build(); JWKSet jwkSet = new JWKSet(rsaKey); return new ImmutableJWKSet<>(jwkSet); } public KeyPair generateRsaKey() { KeyPair keyPair; try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(2048); keyPair = keyPairGenerator.generateKeyPair(); } catch (Exception ex) { throw new IllegalStateException(ex); } return keyPair; } private KeyPair generateRsaKey2() { KeyPair keyPair; try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(2048); keyPair = keyPairGenerator.generateKeyPair(); } catch (Exception ex) { throw new IllegalStateException(ex); } return keyPair; } @Bean @Primary JwtEncoder jwtEncoder(JWKSource<SecurityContext> jwkSource) { return new NimbusJwtEncoder(jwkSource); } @Bean @Qualifier("refreshJwtEncoder") JwtEncoder refreshJwtEncoder(JWKSource<SecurityContext> refreshJwkSource) { return new NimbusJwtEncoder(refreshJwkSource); } @Bean @Primary JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) { Set<JWSAlgorithm> jwsAlgorithmSet = new HashSet<>(JWSAlgorithm.Family.RSA); ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>(); JWSKeySelector<SecurityContext> jwsKeySelector = new JWSVerificationKeySelector<>(jwsAlgorithmSet, jwkSource); jwtProcessor.setJWSKeySelector(jwsKeySelector); jwtProcessor.setJWTClaimsSetVerifier(((jwtClaimsSet, securityContext) -> {})); return new NimbusJwtDecoder(jwtProcessor); } @Bean @Qualifier("refreshJwtDecoder") JwtDecoder refreshJwtDecoder(JWKSource<SecurityContext> refreshJwkSource) { Set<JWSAlgorithm> jwsAlgorithmSet = new HashSet<>(JWSAlgorithm.Family.RSA); ConfigurableJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>(); JWSKeySelector<SecurityContext> jwsKeySelector = new JWSVerificationKeySelector<>(jwsAlgorithmSet, refreshJwkSource); jwtProcessor.setJWSKeySelector(jwsKeySelector); jwtProcessor.setJWTClaimsSetVerifier(((jwtClaimsSet, securityContext) -> {})); return new NimbusJwtDecoder(jwtProcessor); } } 

为啥我用 jwtEncoder 和 refreshJwtEncoder 生成的 token 是一样的？