2
I will start a new project and came to doubt regarding the best way to work the authentication/authorization part. The project will be developed in Java with spring (boot), backend and frontend (angular) will be separated with possibility to develop in the future an application (mobile). In short, my doubts are as follows::
- what technology/protocol to use in the API to securely serve a web and mobile application? Oauth 2 + JWT?
- Deploy with spring security only or use other technologies?
I have already developed applications with spring security using module Oauth 2 + JWT, but searching now I saw that spring security is discontinuing support for Authorization Server, recommending using external "modules". In another survey I saw that at community requests are developing a separate Authorization Server (https://github.com/spring-projects-experimental/spring-authorization-server). I got a little lost in that information.
My goal is not to receive ready-made codes, just guidance on technologies and best practices with informed technologies.
Thanks in advance.