How-to: Use Spring Authorization server behind Spring Cloud Gateway

[rcbandit111]

Publish a guide on How-to: Implement the core services behind Spring Cloud Gateway:

[sjohnr]

Related #499

[rcbandit111]

When I can expect this guide?

[rcbandit111]

Kind remind guys. I will appreciate it if someone write me some configuration steps before official documentation is ready.

[jgrandja]

@rcbandit111 It will be a while before we get to this as there are a few higher priority tasks we need to work on first.

If someone in the community can help that would be great. cc @spencergibb

[rcbandit111]

@jgrandja Thank you for the response. I will wait further information.

[jacko9et]

No additional configuration is required if it is only used behind a gateway. However, in the case of load balancing, spring session support is required, because the server uses session to associate authentication actions.

[salutonmondo]

Is this suit your needs #807

[sjohnr]

@salutonmondo I believe this issue is addressing using Spring Authorization Server behind Spring Cloud Gateway, whereas the sample you submitted treats SAS as an identity provider but does not route the requests to it. When we look more deeply at this issue, we'll have to think about what use cases make sense for putting SAS behind the gateway. One that I can think of, for example, is rate limiting to protect the authorization server or specific endpoints from malicious clients.

[uniquejava]

@salutonmondo Thanks for your demo, I added some comments there in your #807, could you shed some light?

[zhoyq-work]

use database to share data between auth servers, this can reslove load balancing problem.

[zhenhe]

any update recently?

[maradanasai]

Hi, any update?

[uniquejava]

I once needed this, after some research, I found what I really need is how to use spring cloud gateway as resource server and verify token from this single point. Finally I managed to do this, and I don't think I need the auth server sit behind spring cloud gateway now. Here is my current demo architecture.

The benefit: I just verify token from spring cloud gateway and pass the resolved user id as http header to my downstream micro-services and all my microservices now don't even have a dependency on spring security.

I once used spring cloud gateway as oauth2 client, --- almost each tutorial on the internet do this, and I think that is too academic/complex and not feasible at all in a real large application.

[zhenhe]

I once needed this, after some research, I found what I really need is how to use spring cloud gateway as resource server and verify token from this single point. Finally I managed to do this, and I don't think I need the auth server sit behind spring cloud gateway now. Here is my current demo architecture.

The benefit: I just verify token from spring cloud gateway and pass the resolved user id as http header to my downstream micro-services and all my microservices now don't even have a dependency on spring security.

I once used spring cloud gateway as oauth2 client, --- almost each tutorial on the internet do this, and I think that is too academic/complex and not feasible at all in a real large application.

good advice，how scg do both verify token and then pass request ？ use filter？

[uniquejava]

@zhenhe Yes, a single UserHeaderFilter will do the job, and here is an example: https://stackoverflow.com/a/71485398/2497876

[dangfsix]

I once needed this, after some research, I found what I really need is how to use spring cloud gateway as resource server and verify token from this single point. Finally I managed to do this, and I don't think I need the auth server sit behind spring cloud gateway now. Here is my current demo architecture.

The benefit: I just verify token from spring cloud gateway and pass the resolved user id as http header to my downstream micro-services and all my microservices now don't even have a dependency on spring security.

I once used spring cloud gateway as oauth2 client, --- almost each tutorial on the internet do this, and I think that is too academic/complex and not feasible at all in a real large application.

Hi. Can you make a sample repo? Many thanks.