Way to secure spring boot micro services apis that will be consumed by a react native mobile app.
I am building a spring boot micro service applications (resource servers) and one spring cloud gateway which will act as the client that interfaces with the micro service applications and will be consumed by a reactive native mobile app.
I am currently considering running one of the micro service as an authorization server and also implement the gateway as a client. Works well with the gateway if authorization grant type is authorization code and the token relay also works well.
The problem I am facing now is that this same flow won't be seamless on mobile (if it is even possible) as there will be a couple of redirects that needs to happen to authenticate the user.
If it is possible, how can I achieve this, else how best can I secure the micro services without exposing the user's token?
3 Replies
⌛ This post has been reserved for your question.
Hey @Kingsley! Please useTIP: Narrow down your issue to simple and precise questions to maximize the chance that others will reply in here./closeor theClose Postbutton above when your problem is solved. Please remember to follow the help guidelines. This post will be automatically marked as dormant after 300 minutes of inactivity.
Are you using JWTs?
you'd probably want one (micro)service that hands out the JWTs (if you need to, you can still scale it but they should have the same keys)
💤 Post marked as dormant
This post has been inactive for over 300 minutes, thus, it has been archived.
If your question was not answered yet, feel free to re-open this post or create a new one.
In case your post is not getting any attention, you can try to use /help ping.
Warning: abusing this will result in moderative actions taken against you.