artemMartynenko / spring-cloud-gateway-oauth2-sso-sample-application

Sample application for Spring Cloud Gateway as a microservices API Gateway with OAuth2 Single Sign-On
178 stars 88 forks

SSO support with Web Client #4

Open hfye opened 5 years ago

hfye commented 5 years ago

Hi,

How do I fit this solution into an architecture with a separate web client in front of the cloud gateway?

This issue has been discussed on Stack Overflow here:

https://stackoverflow.com/questions/54332236/implementing-authentication-and-authorization-using-zuul-proxy-oauth2-on-rest-m

artemMartynenko commented 5 years ago

Hi. This solution directly implements the workflow described on Stack Overflow. If you have a separate web client, on the first request to the resource server the client will get a response with a 302 status code and a location to redirect to for the authentication and authorization process. After the chain of redirects the client will get access to the resource server (target microservice).

About the things you are confused about (from the Stack Overflow question): 1) "How can we pass the user details to the microservices so that the microservices can do their own level of user authorization". There are a few ways you can do it.

The first one: your authorization service uses simple tokens as the bearer token (like a UUID). In this case the auth service should provide a user details endpoint. On the microservice side (resource service) you should set the user details URL in the Spring Security configuration. So in this case, when the request reaches the target microservice, Spring Security on the microservice makes a REST call to the user details URL with the incoming bearer token as a param and gets the user details as the response.

The second one (described in this sample application): your authorization service uses JWT as the bearer token. In this case your bearer token includes the user details inside, and the token itself is signed with the authorization service's private key. So in this case the resource service needs to have a public key to verify that the bearer token was signed by the trusted authorization server. A user details request could also be made, but in this case it would be optional.

Did I answer your question?
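The second approach in the reply above (user details carried inside a JWT, signed with the authorization server's private key and checked by the resource server with only the public key) is shown below as an added, stand-alone example. It is not code from this repository or from Spring Security; it is written in Go rather than Java so that it runs with nothing but the standard library. The claim names (`sub`, `roles`, `exp`), the role value `ROLE_ADMIN` and the key sizes are assumptions for the illustration. The resource-server side pins the algorithm to RS256 and checks the signature before it reads any user details, which is the property that lets it skip the user-details round trip the first approach needs.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims are the user details the authorization server embeds in the token
// (claim names are assumed for this example, not the sample application's own).
type Claims struct {
	Sub   string   `json:"sub"`
	Roles []string `json:"roles"`
	Exp   int64    `json:"exp"` // seconds since the Unix epoch
}

var b64 = base64.RawURLEncoding

// Sign models the authorization server: it serialises the claims and signs
// header.payload with its RSA private key (RS256 = RSASSA-PKCS1-v1_5 over SHA-256).
func Sign(priv *rsa.PrivateKey, c Claims) (string, error) {
	header := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := header + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// Verify models the resource server: it holds only the authorization server's public
// key. A token signed by any other key, a modified payload, or an expired token is rejected.
func Verify(pub *rsa.PublicKey, token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	// Pin the algorithm instead of letting the header's alg choose the verifier.
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature not from the trusted authorization server")
	}
	// Only after the signature checks out are the embedded user details trusted.
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

func main() {
	authKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	rogueKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	now := time.Now()
	claims := Claims{Sub: "alice", Roles: []string{"ROLE_ADMIN"}, Exp: now.Add(time.Hour).Unix()}
	good, _ := Sign(authKey, claims)
	forged, _ := Sign(rogueKey, claims) // same user details, untrusted issuer
	// The resource server is given only the public half of the authorization server's key.
	_, err := Verify(&authKey.PublicKey, good, now)
	fmt.Println("trusted issuer accepted:", err == nil)
	_, err = Verify(&authKey.PublicKey, forged, now)
	fmt.Println("rogue issuer rejected:", err != nil)
}
```

In the Spring setup the reply describes, the resource server gets the public key (or a JWK set URL) in its configuration and the verification happens inside Spring Security's JWT decoder; the example makes the same checks explicit so the failure cases (wrong key, edited roles, expiry, a downgraded `alg` header) are visible.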