Comments on: Microservices security with Oauth2

By: Piotr Mińkowski

Piotr Mińkowski — Tue, 30 Oct 2018 22:45:14 +0000

In reply to nick ao. Hello. Why do you think that gateway cannot perform authorization or authentication?

By: nick ao

nick ao — Thu, 25 Oct 2018 13:51:10 +0000

Hello Piotr Mińkowski,
First of all, i want to thanks you about your post. It’s great.
Could you explain me this point, please? I don’n understand why do you put login form and login confirmation in Gateway module. In fact, gateway only have one mission – forwarding the request. And the Auth-Service normaly is the responsible of Authentification and Authorization. So, i think it’s better that Auth-Service do Authentification and Authorization and that Gateway only forward the request (it shouldn’t have the login form and login confirm).
Thanks a lot
I’m waiting your response.
Best,

By: DEEPAK

DEEPAK — Fri, 31 Aug 2018 11:09:12 +0000

HI
Thanks for the tutorial.
I have 2 queries .
1. You have commented the code in OAuth2Config.java file in auth package. Any reasons. Will it work .
2. OAUTH2 is authorization framework. So if a website gives option for login with facebook account or google account like delegated the authentication to these sites then will it be still OAuth2 scenario.
Thanks

By: HB

HB — Wed, 25 Apr 2018 09:51:51 +0000

Perfect 🙂

Thanks.

By: Piotr Mińkowski

Piotr Mińkowski — Tue, 24 Apr 2018 22:22:41 +0000

In reply to HB.

Hi,
Source code is available on GitHub here: https://github.com/piomin/sample-spring-oauth2-microservices.git. You have three branches with different examples (basic and more advanced). The newest one is with_database. You can also find some more examples related to oauth2 in my blog: https://piotrminkowski.wordpress.com/?s=oauth2

By: HB

HB — Tue, 24 Apr 2018 11:29:34 +0000

In reply to Piotr Mińkowski.

hi,
firstly I start by thanking you for the quality of your posts.

I am interested in this post: https://piotrminkowski.wordpress.com/2017/12/01/part-2-microservices-security-with-oauth2/
but I can not find the source code ?
to make a comparison with the logic of the post
can you help me with that?

thank you in advance.

By: Piotr Mińkowski

Piotr Mińkowski — Sat, 24 Mar 2018 10:14:42 +0000

In reply to Daxol.

Take a look on that article: https://piotrminkowski.wordpress.com/2017/12/01/part-2-microservices-security-with-oauth2/

By: Daxol

Daxol — Thu, 22 Mar 2018 21:10:14 +0000

Jak autoryzować się tym tokenem w innych mikroserwisach?

By: Piotr Mińkowski

Piotr Mińkowski — Fri, 02 Mar 2018 20:44:30 +0000

In reply to Pedro. Hi, Thanks. You don't have to. You can devide seprate out resource server from authorization server

By: Pedro

Pedro — Mon, 12 Feb 2018 14:42:50 +0000

Great Article!

Could you please explain me why we have to define the authorization server as a resource (@EnableResourceServer annotation)? I have test it and works like a charm but I don’t understand why this annotation is needed. I understand its use in the microservices but not in the authorization server.

Thanks!