Looking for examples of integrating Spring Cloud Gateway with an open source IDP like Keycloak or UAA for REST APIs. There are some examples like the ones below, which use the authorization code flow, which in turn requires browser interaction.

https://blog.jdriven.com/2019/11/spring-cloud-gateway-with-openid-connect-and-token-relay/

https://spring.io/blog/2019/08/16/securing-services-with-spring-cloud-gateway

But since most are back-end APIs exposed in Spring Cloud Gateway, there is no browser involved. Could you please advise how to implement both authentication and role-based authorization for APIs in Spring Cloud Gateway using an open source IDP?

Regards
Jacob


1 Answer

I would focus your efforts on building REST APIs and designing how you will authorize access to data. In OAuth this is done at 3 levels:

Choose an Authorization Server that you can run as a Docker container - you will configure this via an Admin UI, but it will not require you to write any code. It has endpoints that both APIs and clients will use.

For authentication I would start by using OAuth Tools so that you can run the authorization code flow and get an access token, then call your APIs with it via curl.

Gary Archer
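Once a caller holds an access token and sends it as a bearer token, as in the curl step of the answer above, the gateway can validate it and enforce roles with no browser involved. The following is an added example, not code from the question, the answer or the linked posts. It assumes Spring Security's reactive resource-server support with `spring.security.oauth2.resourceserver.jwt.issuer-uri` set to the IDP's issuer, Keycloak's `realm_access.roles` claim layout, and hypothetical paths (`/api/**`, `/api/admin/**`) and role names (`user`, `admin`).

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
import org.springframework.security.web.server.SecurityWebFilterChain;

// Gateway acts as an OAuth 2.0 resource server: it only validates bearer JWTs.
@Configuration
@EnableWebFluxSecurity
public class GatewaySecurityConfig {
    @Bean
    SecurityWebFilterChain filterChain(ServerHttpSecurity http) {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(GatewaySecurityConfig::realmRoles);
        return http
            .csrf(ServerHttpSecurity.CsrfSpec::disable) // stateless bearer-token API, no cookies
            .authorizeExchange(ex -> ex
                .pathMatchers("/api/admin/**").hasRole("admin")      // hypothetical route and role
                .pathMatchers("/api/**").hasAnyRole("user", "admin") // hypothetical route and roles
                .anyExchange().denyAll())                            // default deny for unmapped routes
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt
                .jwtAuthenticationConverter(new ReactiveJwtAuthenticationConverterAdapter(converter))))
            .build();
    }

    // Maps Keycloak's "realm_access": {"roles": [...]} claim to ROLE_* authorities (assumed layout).
    static Collection<GrantedAuthority> realmRoles(Jwt jwt) {
        Map<String, Object> realmAccess = jwt.getClaimAsMap("realm_access");
        if (realmAccess == null || !(realmAccess.get("roles") instanceof List<?> roles)) {
            return List.of(); // no roles claim: authenticated but holds no authorities
        }
        return roles.stream()
            .filter(String.class::isInstance)
            .map(r -> (GrantedAuthority) new SimpleGrantedAuthority("ROLE_" + r))
            .collect(Collectors.toList());
    }
}
```

Signature, issuer and expiry checks come from the resource-server JWT decoder built from the issuer URI; a missing or invalid token yields 401 and a valid token without the required role yields 403.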