I am trying to implement the above architecture in the workflow with Spring Boot.
I've been struggling with the same security design issue for a microservice architecture based on the Spring Cloud solution. I have only found this article shedding some light on it: https://developer.okta.com/blog/2018/02/13/secure-spring-microservices-with-oauth
But it pertains to the Okta SSO service provider, not a generic solution for other OAuth2 servers like Keycloak.
I also saw some solutions on how to protect the gateway and microservices with an OAuth2 server, like this one: https://github.com/jgrandja/oauth2login-gateway
But it doesn't take the web client into consideration.