I have two microservices, say A and B. A contains the Spring Security configuration (validating the token, verifying the token, role-based authentication) and APIs such as user registration and user login. My goal is to register a user (using the API in service A) and log the user in (using the login API in service A), which will give an access token and a refresh token. After the successful login, the user needs to use the token to access the API inside service B, where authorization and authentication checks should happen for the user. How can I achieve this? I also want to know how authentication, authorization and the role-based setup are done in a microservices-based project.
Approach used: Set up two services, A and B. Service A has the security configuration. When I call the API in service B with the token, the authorization and authentication should happen with the configuration present inside A.
Asked Mar 17 at 8:36 by Gokul Krishnan J
Comment: Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Bot, commented Mar 17 at 10:44
2 Answers
I think that you need a different approach.
You want service A to behave as an authentication server and service B as a client to access resources.
If I were you I would:
Use Spring OAuth2 authentication-server (or an external provider like Keycloak) to manage your clients
Register service A and service B as Spring oauth2-client
And use the built-in functions and features to retrieve and manage tokens and restrict access to endpoints.
One way I think of it is simple:
Service A provides an API, /check_token. Service B adds an Interceptor to intercept all requests, and then calls Service A's API to verify and obtain permissions.
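One way the interceptor described in this answer could look in Service B, as an added example that is not code from the post. It assumes Spring Boot 3 (`jakarta.servlet`), a hypothetical internal address for Service A, and that `/check_token` answers 200 with a comma-separated role list for a valid token; the class names and the `roles` request attribute are made up for illustration.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.List;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class TokenCheckConfig implements WebMvcConfigurer {
    // Assumption: internal address of Service A's /check_token endpoint.
    static final URI CHECK_TOKEN = URI.create("http://service-a:8080/check_token");

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // Cover every route so no endpoint in Service B is reachable without a check.
        registry.addInterceptor(new TokenCheckInterceptor()).addPathPatterns("/**");
    }

    static class TokenCheckInterceptor implements HandlerInterceptor {
        private final HttpClient http =
                HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(2)).build();
        @Override
        public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler)
                throws Exception {
            String auth = req.getHeader("Authorization");
            if (auth == null || !auth.startsWith("Bearer ")) return deny(res, 401); // no token
            HttpRequest check = HttpRequest.newBuilder(CHECK_TOKEN)
                    .timeout(Duration.ofSeconds(2)).header("Authorization", auth).GET().build();
            try {
                HttpResponse<String> reply = http.send(check, HttpResponse.BodyHandlers.ofString());
                if (reply.statusCode() != 200) return deny(res, 401); // Service A rejected the token
                // Assumption: a 200 body is a role list such as "ROLE_USER,ROLE_ADMIN".
                req.setAttribute("roles", List.of(reply.body().trim().split(",")));
                return true;
            } catch (IOException e) {
                return deny(res, 503); // Service A unreachable: fail closed
            }
        }
        private static boolean deny(HttpServletResponse res, int status) throws IOException {
            res.sendError(status);
            return false; // stops the handler chain; the controller is never invoked
        }
    }
}
```

Every request to Service B now costs a round trip to Service A, and any non-200 answer or network failure ends in rejection rather than access. Controllers in Service B can read the `roles` attribute to make their own role decisions.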