Summary
Implement OAuth2 and OpenID Connect specifications to enable logging in with a well-defined authorization server, which doesn't need to be the backend server itself, and still recognize users on a superficial basis.
However, instead of replacing the previous system (users and credentials stored in the database), there should be a feature flag to enable or disable its usage.
Expected outcome
Depending on the features supported by the implementation, Customers and Salespeople can authenticate (log in, even register) through Google and GitHub, and are authorized under a corresponding user role with that role's permissions.
Considered alternatives
Spring Security has features for implementing usage of OAuth2.
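A sketch of how the flag and the role assignment could be wired with Spring Security 6, added here as an illustration and not taken from the project's code base. The property name `app.security.oauth2-login.enabled`, the `/sales/**` path and the role names `CUSTOMER` and `SALESPERSON` are assumptions; Google and GitHub client registrations are expected under `spring.security.oauth2.client.registration.*`.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.web.SecurityFilterChain;

import java.util.Set;

@Configuration
public class LoginConfig {

    // Hypothetical flag; defaults to off so existing deployments keep database login only.
    @Value("${app.security.oauth2-login.enabled:false}")
    private boolean oauth2LoginEnabled;

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/sales/**").hasRole("SALESPERSON") // hypothetical path
                .anyRequest().authenticated());

        // The existing username/password login backed by the user table stays available.
        http.formLogin(Customizer.withDefaults());

        if (oauth2LoginEnabled) {
            // Authorization-code login against the configured providers (Google, GitHub).
            http.oauth2Login(oauth2 -> oauth2
                    .userInfoEndpoint(userInfo -> userInfo
                            .userAuthoritiesMapper(externalUserAuthorities())));
        }
        return http.build();
    }

    // Discards whatever authorities the provider login produced and grants only the
    // least-privileged role. Elevated roles such as SALESPERSON should be assigned from
    // the application's own records, never inferred from an external account.
    private GrantedAuthoritiesMapper externalUserAuthorities() {
        return authorities ->
                Set.<GrantedAuthority>of(new SimpleGrantedAuthority("ROLE_CUSTOMER"));
    }
}
```

With the flag off, no OAuth2 endpoints are registered at all, so the external login path cannot be reached by requesting its URLs directly.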