We want to secure our microservices. Security is essential for microservices applications, especially because of the distributed characteristics.

On the microservices architectural style, usually, there is a service that will act as an authentication service. It means this service will authenticate the requests in our microservices group.

Spring Cloud Security provides a declarative model to help developers enable security on applications. There is support for commons patterns such as OAuth 2.0. Also, Spring Boot Security enables Single Sign-On (SSO).

Spring Boot Security also supports relay SSO tokens integrating with Zuul proxy. It means the tokens will be passed to downstream microservices.

For our architecture, we will use the OAuth 2.0 and JWT patterns, both integrate with Zuul proxy.

Before we do so, let's understand the main entities in OAuth 2.0 flow: