I am working on a new micro-service design that I hope to deploy to Azure. I would like to have a Spring Authorization Server that handles all authentication and authorization of users against our Azure Entra for the other services we will be deploying. All other services will use that service for authorization of requests. Being new to Azure, I created a few users and roles in Entra. I am also running my services locally to connect and test. Here is what I have so far:
AuthService dependencies:
    ext {
        set('springCloudAzureVersion', "5.19.0")
    }
    dependencies {
        implementation "org.springframework.boot:spring-boot-starter-web"
        implementation "org.springframework.boot:spring-boot-starter-security"
        implementation "org.springframework.boot:spring-boot-starter-oauth2-authorization-server"
        testImplementation 'org.springframework.boot:spring-boot-starter-test'
        testImplementation "org.junit.jupiter:junit-jupiter"
        testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
    }
Configuration in application.yml:
    spring:
      application:
        name: AuthServer
      security:
        oauth2:
          client:
            registration:
              azure:
                provider: azure
                client-id: "{client-id}"
                client-secret: "{client-secret}"
                redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            provider:
              azure:
                # Entra ID v2.0 issuer for the tenant
                issuer-uri: https://login.microsoftonline.com/{tenant-id}/v2.0
Unfortunately I have struggled to find good examples of this type of approach on either the Spring or Microsoft site. I have done something very similar (except that instead of Entra, a db of users was used for auth) in AWS, so I think I am just not quite connecting the dots.
I am working towards the goal of using passwordless authentication rather than a Microsoft login form... but for now I just want to prove this concept out. Can anyone point out design flaws or examples of something very similar I can study?
Here is a basic idea:
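One way to wire the design described in the question, as an added example (it is not code from the question, from Spring, or from Microsoft): the authorization server keeps its own OAuth2 endpoints for the downstream services, and an unauthenticated browser hitting /oauth2/authorize is redirected to the "azure" client registration from the YAML above, so Entra stays the only place where user credentials are handled. It assumes Spring Boot 3.x with Spring Security 6.2+ and Spring Authorization Server 1.3+, and a registered client for the downstream services declared separately (for example under spring.security.oauth2.authorizationserver.client.*).

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;

@Configuration
public class AuthServerSecurityConfig {

    // Registration id from application.yml (spring.security.oauth2.client.registration.azure)
    private static final String ENTRA_LOGIN = "/oauth2/authorization/azure";

    // Chain 1: the authorization server's own endpoints (/oauth2/authorize, /oauth2/token, /oauth2/jwks, ...).
    // Tokens minted here are what the other micro-services validate; Entra never sees them.
    @Bean
    @Order(1)
    SecurityFilterChain authorizationServerChain(HttpSecurity http) throws Exception {
        OAuth2AuthorizationServerConfigurer authServer = OAuth2AuthorizationServerConfigurer.authorizationServer();
        http
            .securityMatcher(authServer.getEndpointsMatcher())
            .with(authServer, as -> as.oidc(Customizer.withDefaults()))
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            // A browser that is not yet logged in is sent to Entra instead of a local login form
            .exceptionHandling(e -> e.defaultAuthenticationEntryPointFor(
                new LoginUrlAuthenticationEntryPoint(ENTRA_LOGIN),
                new MediaTypeRequestMatcher(MediaType.TEXT_HTML)));
        return http.build();
    }

    // Chain 2: everything else on this server. End users authenticate through the OIDC login
    // against the "azure" registration, so no user passwords are stored or checked locally.
    @Bean
    @Order(2)
    SecurityFilterChain defaultChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2Login(login -> login.loginPage(ENTRA_LOGIN));
        return http.build();
    }
}
```

With this split, the downstream services only need the authorization server's issuer and JWKS endpoint, and a later move to passwordless sign-in changes only the Entra side, not the services.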