How-to: Use Spring Cloud Gateway with Spring Authorization Server

[sjohnr]

Publish a guide on how to set up Spring Cloud Gateway as an OAuth2 Client of Spring Authorization Server in order to use the gateway as a BFF (backend-for-frontend). This guide would demonstrate using the TokenRelay filter to adapt from a browser-based session (i.e. JSESSIONID cookie) to an Authorization header containing an access token (i.e. Bearer tokens) when making protected resources requests.

The guide should mention the main benefits of this architecture choice, which include:

• Securely storing access tokens (and refresh tokens) on the server (backend) instead of in the browser
• Centralizing OAuth2 Client configuration in the gateway
• Simplifying authentication requirements for browser-based (frontend) applications

[sjohnr]

Related gh-564, gh-297

[lojc]

This will be extremely helpful for the community. I've been struggling trying to find a decent working tutorial that would help me to implemente a bff. Only thing i can find is Ch4mp redirecting to the baeldung tutorial he wrote. i tried to follow it, but it is pretty complex for a person who is starting in this.

[sjohnr]

Thanks for the upvote @lojc. One thing I'm wondering for the benefit of this guide would be: What are the main challenges you have faced when implementing a BFF? Can you share any details about your use case?