New Blog Post in Microservice
Adding the password grant type to Spring Authorization Server
Contact me for information about consulting and training at your company.
The MEAP for Microservices Patterns 2nd edition is now available
From time to time, I’ve created sample applications that included an API Gateway that authenticates client requests and passes to the backend services a JWT containing the client’s identity and roles. The big picture is as follows:
First, I’ll describe the request flow and then I’ll explain how I enhanced the Spring Authorization Server.
Using a security server
To avoid reinventing the wheel, the applications use an off-the-shelf security service that’s responsible for:
- Authenticating client credentials
- Issuing a JWT, which is signed with a private key
- Providing access to the corresponding public key that a backend service uses to validate the JWT
The flow is as follows:
- The API Gateway authenticates the client’s credentials (username/password aka API key/secret)
- The API Gateway invokes a backend service with a (REST) requests, which includes a JWT, which contains the client’s identity and roles.
- The backend service validates the JWT
- The backend service authorizes the client to access the requested resource.
Featured Blogs
- fmff
- dog
- game
- New web Blogpost
- blogging
- Wishing a very Happy Diwali to all of you!
- Using Spring Authorization Server
- New Blog Post in Microservice
- Dark energy and dark matter
- blog_4
- Blog_3
- Blog_2
- New blog fro kiru
- testing blog approval after fix
- test blog section approval
- New Web Blog Publisher - From Seenivasan
- New webBlog
- New Web Blog Publisher 1
- New Web Blog Publisher
- testing newsletter from sub agent account
- Blogg
- testing blog publisher flow
- deployed the changes to staging
- Testing web blog publication
- blog checking
- wrong bug
- Blog Checking scenirio
- Final test
- new flow with staging blog
- test blog not creation issue in sub agents
- now test last
- test blog now with UI