Spring boot microservice with OAuth 2 and JWT for Security

Question

I am developing a Spring boot application for payment using microservices, which will be consumed by mobile application and web application.

1) Users need to be authenticated for accessing the mobile app

2) Third party mobile apps using my services need to be authenticated (with my app)

3) Web applications using my services need to be authenticated.

My user details will be there in DB or LDAP. I have plans for integrating IBM API management and the deployment will be in on-premise servers. Based on this requirement how I need to design and implement my solution?

After going through different blogs I am confused now. So a proper guidance will be very helpful for me.

Answer 1

Your question is a bit vague or too broad, but ... Using LDAP does not scale well, consider using NoSQL alternatives as those are closer to the principles of microservices. See:

• Microservice Authentication strategy
• http://presos.dsyer.com/decks/microservice-security.html#slide6
• https://www.quora.com/Microservices/How-do-I-handle-authentication-in-a-microservices-architecture-with-the-front-end-decoupled-too