Managing authentication and authorization is a critical task in every well-designed web application or service. OAuth2 and OpenID Connect are a popular way of handling those security concerns in distributed systems such as microservices, and Spring Security provides native support for them.
In this session, I'll present how Spring Security implements OAuth2 and OpenID Connect, both for imperative and reactive applications (clients and resource servers). I'll cover different patterns for authentication and authorization in a microservices architecture, highlighting the differences when using SPAs like Angular or backend template engines like Thymeleaf. As the authorization server I'll use Keycloak, and I'll show you how to integrate it with Spring Boot.