Reputation: 314
What is resource server in OAuth2 using spring cloud micro-service
I know the concept of OAuth2 and Spring cloud like zuul eureka and spring boot. But I am unable to co-relate the OAuth2 concept practically. Let say I have 2 micro-services product and billing. On top of that I have created Zuul proxy. Now I want implement Oauth2 , I have create authorization server, So now my question is - what is the resource server exactly in my case. Is it Zuul proxy APIs. Or I need to create another micro-service as resource server. Or product and billing micro-services are resource server. I am confusing with theoretical knowledge and practical application.
Upvotes: 0
Views: 101
Answers (1)
Reputation: 2763
In your case, product and billing are resource services. They decide whether a user has appropriate claims to access bill or product resource.
The gateway is not a resource service, despite it can validate a token (check signature and expiration date). Using such a check then it passes request (and the token) to your services. Since the token has been already validated services could trust it, and just check whether it contains appropriate claims, avoiding double checking signature.
Upvotes: 1
Related Questions
- How OAuth resource server receives access token?
- What is a Resource Server when it comes to Microservices?
- How to configure oAuth2 when Authorization Server is also the Resource server
- Spring Zuul Oauth2 Gateway/Resource Server
- Do I need resource server with Spring Security OAuth2?
- OAuth2 authetication server and resource server using Spring boot
- Spring OAuth2 explain Authorization server configuration
- Spring OAuth2 security and ResourceServer configuration
- Spring OAuth: Resource Server with Authorization Server backend
- Spring OAuth2 Resource and Authorization servers