We're considering to integrate our Java, Spring Boot backend API's with the Mendix Single Sign On system so that we can do user management in Mendix and keep with OAuth and OpenID Connect. Our question is: how does the backend validate any tokens sent to it? Do we need an authorization endpoint where we can find a public key? If so, what is it? Any guidance is appreciated!
Does this helps you? https://docs.mendix.com/developerportal/deploy/managing-mendix-sso
From your comment, it seems you do not have a separate identity provider, but that a Mendix application authenticates users based on local accounts. I will use this as an assumption.
If you control both the Mendix application and the backend API's, you have many options. It really depends on your use case.