I am trying to protect my microservices on Spring Boot using OAuth2 with the Client Credentials flow.
By the way, those microservices will only talk to each other over the middleware layer; I mean no user credentials are needed to allow the authorization (a user login process such as Facebook's).
I have looked for samples on the Internet showing how to create an authorization and resource server to manage this communication. However, I just found examples explaining how to do it using user credentials (three-legged).
Does anyone have a sample of how to do it in Spring Boot and OAuth2? If it is possible to give further details about the scopes used and token exchange, I would be grateful.
Best Answer
We have REST services protected with the OAuth2 Client Credentials scheme. The resource and authorization services are running in the same app, but can be split into different apps.
Datasource config for the OAuth2 tables:
Communicating with the authentication & resource server goes as follows:
The following record is present in the OAuth2 database:
RestTemplate configuration in the client application:
You can inject the restTemplate to talk (asynchronously) to the OAuth2-secured service. We do not use scope at the moment.
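The setup the answer describes (a JDBC-backed authorization and resource server in one app, plus a client-side RestTemplate) could look like the sketch below. It is an added example, not the answerer's code, and it assumes the legacy Spring Security OAuth library (`spring-security-oauth2`), which the page does not name. The token URL, the client id `order-service` and the environment variable name are hypothetical placeholders.

```java
// Added example (not from the original answer); assumes legacy spring-security-oauth2.
import javax.sql.DataSource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;

// Server side: authorization and resource server in the same app.
@Configuration
@EnableAuthorizationServer
@EnableResourceServer
class AuthServerConfig extends AuthorizationServerConfigurerAdapter {
    private final DataSource dataSource;
    AuthServerConfig(DataSource dataSource) { this.dataSource = dataSource; }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        // Registered clients are read from the oauth_client_details table.
        clients.jdbc(dataSource);
    }

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        // Issued tokens are persisted so every instance can validate them.
        endpoints.tokenStore(new JdbcTokenStore(dataSource));
    }
}

// Client side: obtains a token with grant_type=client_credentials on first use.
@Configuration
class ServiceClientConfig {
    @Bean
    OAuth2RestTemplate serviceRestTemplate() {
        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        details.setAccessTokenUri("https://auth.example.internal/oauth/token"); // hypothetical URL
        details.setClientId("order-service");                                   // hypothetical client id
        details.setClientSecret(System.getenv("ORDER_SERVICE_CLIENT_SECRET"));  // keep secrets out of source
        return new OAuth2RestTemplate(details);
    }
}
```

The legacy library is end-of-life; Spring Security's built-in OAuth2 client and resource-server support, together with Spring Authorization Server, is its successor.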