Before introducing OAuth 2.0 and OpenID Connect, let's clarify what we mean with authentication and authorization. Authentication means identifying a user by validating credentials supplied by the user, such as a username and password. Authorization is about giving access to various parts of, in our case, an API to an authenticated, that is, an identified user. In our case, a user will be assigned a set of privileges based on OAuth 2.0 scopes, as explained hereinafter. The microservices will be based on these privileges determine whether the user is allowed to access an API.
OAuth 2.0 is an open standard for authorization, and OpenID Connect is an add-on to OAuth 2.0 that enables client applications to verify the identity of users based on the authentication performed by the authorization server....