# Fluxo Resources Servers

```mermaid
sequenceDiagram
    participant C as Client Application
    participant D as Resource Service<br>(API)
    participant S as SSO Server
    Note over C: Authenticated user
    C->>D: Request a protected resource<br>by passing the JWT access token
    activate D
    D->>D: Validates token format and validity
    D->>S: Prompt for RSA encryption public key
    activate S
    S->>D: Returns the RSA public key
    deactivate S
    D-->>D: Caches the public key
    D-->>D: Validate token signature with encryption key
    D->>C: Accept/Deny access to the requested resource
    deactivate D
 ```