I am developing a project using SOA where I have a web application made in Angular 2 and several microservices in Spring Boot. Among the services there are authentication and notification services that could be shared among other applications. About implementing the authentication service, I have the following doubts:
What is the best authentication method for this scenario? How does it work?
Using token authentication, would it be recommended to check the token with the authentication service in the requests made to other services? (For example, create a filter in the other services where, for each request, the header token is extracted and then sent to the authentication service; if it is correct the user information is returned, otherwise the status 401.)
Must user information be persisted in the authentication service?
Is there any graphic representation or sequence diagram of this method? This way all requests to other servers would be forced to validate the token with the authentication server?
– user5020
The definition of the authorization flow comes from the OAuth 2.0 protocol itself. Here is an interesting link with the step diagram: https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
– Rafael Manzoni
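The per-request check described in the question, as an added example that is not part of the original thread: a servlet filter for one of the Spring Boot services that extracts the token header, asks the authentication service about it, and answers 401 when the token is rejected. It assumes Spring Boot 3 (`jakarta.servlet`) and Java 11+; the endpoint `https://auth.example.internal/token/check`, its "200 plus user info" contract, the class name `TokenCheckFilter` and the `authenticatedUser` attribute are hypothetical.

```java
import jakarta.servlet.*;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.net.http.*;
import java.time.Duration;

public class TokenCheckFilter implements Filter {
    // Hypothetical endpoint: assumed to answer 200 plus user info for a valid token.
    private static final URI CHECK_URI = URI.create("https://auth.example.internal/token/check");
    private static final String PREFIX = "Bearer ";
    private final HttpClient client =
            HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(2)).build();

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String header = request.getHeader("Authorization");
        // No bearer token at all: reject without calling the authentication service.
        if (header == null || header.length() <= PREFIX.length()
                || !header.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        HttpRequest check = HttpRequest.newBuilder(CHECK_URI)
                .timeout(Duration.ofSeconds(2))
                .header("Authorization", header)
                .GET().build();
        HttpResponse<String> reply;
        try {
            reply = client.send(check, HttpResponse.BodyHandlers.ofString());
        } catch (IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            // Fail closed: an unreachable authentication service never means "allow".
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }
        if (reply.statusCode() != 200) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // User information as returned by the authentication service, for downstream handlers.
        request.setAttribute("authenticatedUser", reply.body());
        chain.doFilter(request, response);
    }
}
```

Every request handled this way costs one round trip to the authentication service, so the two-second timeouts bound how long a slow authentication service can stall the calling service.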