Implement OAuth2 Security for microservices

Since there is a lack of samples on how to secure microservices and this is the most suggested method, it could be a good idea to implement this type of security for communication between microservices and securing them from outside requests

[mszarlinski]

I think that incorporating Spring Cloud Security to our project is a natural follow up of what we already have done here. I am only wondering if securing our demo application wound't make it too complicated. I would like to keep this project as simple as possible, helping people to get started with Spring Cloud. Maybe we should create a separate branch for an OAuth2 version? @arey @dsyer

Agree in keeping the project simple, but would be great to have a branch with the OAuth2 implementation.

[mszarlinski]

Would you like to contribute or to leave implementation to someone else? I think we can go with separate branch first and then decide whether to merge secured version to master.

I would be glad to help as much as I can, but I'm not experienced with oauth2 used in microservices. I wanted to use this as a good base to learn the correct way to implement the service.
I could implement what I know till now and then someone else check for improvements

[mszarlinski]

Hi @ScopeSebastian, any update on this? :)

[pmj0yce]

I'd be interested in contributing to this and other security related items. In particular what I would like to add (as individual tutorial branches) is:
1) Securing microservices secrets with Hashicorp Vault
2) OAuth2 authentication
3) Authorization based on both roles and URL in each service
4) Authorization in Angular UI (or maybe migrate to React with auth).

FWIW I have experience in each of these in my day job. What is the process on this project ? Just go ahead and implement then submit a pull request ? Something else ...?

[arey]

Thank you @pmj0yce for your proposition.
We could have a secure version in a separate branch you'll be in charge to maintain (synchronize with the master branch).
I propose to keep AngularJS. You may go ahead and submit a PR :)

[briceamk]

there is any update about Secure version?

[arey]

We are looking for some contributors. @pmj0yce was interested but I we didn't have any news.

[simrin051]

Hi @arey

Ca i take up this issue. @arey Can you provide an outline on this issue. If i am not wrong i should just implement OAuth2 security for microservices,

[simrin051]

Hi @arey / @dsyer

Can i take up this issue Can you please advice.

[pmj0yce]

I was unable to to take this up due to work changes and then I thought the project was inactive so please don’t hold off taking it up on my account

…

On Oct 21, 2021, at 2:37 PM, simrin051 ***@***.***> wrote:  Hi @arey / @dsyer Can i take up this issue — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[simrin051]

@pmj0yce

Can i go ahead with the issue?