servir-platform / accounts


Implement Spring Security in Accounts Service #1

Open somersbmatthews opened 2 years ago

somersbmatthews commented 2 years ago

Create routes that do the following:

  1. return session
  2. return OAuth token as "access_token" in JSON response body
  3. return JWT refresh token
  4. return JWT access token

3/4 are redundant with 1 but it is good to know how to do both.

You can run Redis to store sessions locally like this: `docker run -d --name redis -p 6379:6379 redis:4.0.5-alpine`

Session vs JWT: https://www.youtube.com/watch?v=o9hT7v0OLJc

Difference between cookies, JWT, and tokens: https://www.youtube.com/watch?v=GhrvZ5nUWNg

https://www.baeldung.com/spring-session-reactive
https://www.baeldung.com/spring-security-session
https://docs.spring.io/spring-security/reference/reactive/oauth2/index.html
https://docs.spring.io/spring-session/reference/http-session.html

arh1109 commented 2 years ago

Awesome, I'll get started. Not too familiar w/ reactive OAuth yet. Can definitely get regular OAuth.

somersbmatthews commented 2 years ago

Please see https://www.baeldung.com/spring-security-oauth-jwt

Note the difference between Authorization and Resource Server:

https://howtodoinjava.com/spring-boot2/oauth2-auth-server/