aymen marouani
Thanks for your answer
John Hines
If I wanted to use this same configuration but to secure Rest APIs using client credential flow, how would I do that?
Still using the Eureka and Zuul setup, but instead of having a user authenticate into the web app allow for a client service call my authorization server /token to get an access token and call the edge service passing the Bearer header with the token. The edge routes the request to the internal Spring Boot Service (in this case Beer Catalog Service).
Based on this documentation, the same clientId and secret are set in both Edge and Internal application.properties files, which won’t accommodate having several internal services (e.g. Chips Catalog Service). Each service would have its own clientId and secret.
Matt Raible
Hello John! It’s nice to see you here.
Have you seen @disqus_u7ZhPHjjDC’ Secure Server-to-Server Communication with Spring Boot and OAuth 2.0? I believe you could use this to set up communication between services. The only downside to this approach is you wouldn’t have any context of who the user is.
John Hines
I’ll check it out. Thanks!
Kophek90
Hi, this article helped me quite a lot. I’ve found 1 issue.
1. I needed to add the @Bean annotation to FilterRegistrationBean<CorsFilter> to get the desired result.
Did you manage to get /logout endpoint working without throwing 403?
Also, logging out in the Angular application seems to set user as undefined but doesn’t remove its token from tokenManager. So even though the user has logged out, requests sent from the app are technically still authorized on the backend side. I’ve checked the documentation at okta-sign-in-widget but cannot find a way to manually remove the token from the token manager on logout. The easy solution would be to not display certain elements when user === undefined, but I don’t like keeping the token after logout. I’m probably doing something wrong trying to remove the token. Could you tell me how to deal with this situation?
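As an added example (not code from the post or its author), this is the shape of the CORS filter registration Kophek90 describes, with the @Bean annotation in place. It assumes Spring Boot 2.x with spring-boot-starter-web; the package name, allowed origin and path pattern are placeholders.

```java
// Added example, not from the original post. Package, origin and paths are placeholders.
package com.example.config; // hypothetical package

import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class CorsConfig {

    // Without @Bean this is just a plain method: Spring never calls it, the filter is
    // never registered, and the browser sees no Access-Control-* headers at all.
    @Bean
    public FilterRegistrationBean<CorsFilter> corsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        // Sending credentials (cookies or an Authorization header) requires an explicit
        // origin list; a wildcard origin is rejected by browsers in that case.
        config.setAllowCredentials(true);
        config.addAllowedOrigin("http://localhost:4200"); // placeholder: Angular dev server origin
        config.addAllowedHeader("Authorization");
        config.addAllowedHeader("Content-Type");
        config.addAllowedMethod("GET");
        config.addAllowedMethod("POST");
        config.addAllowedMethod("OPTIONS");
        config.setMaxAge(3600L); // cache preflight responses for an hour

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config); // placeholder path pattern

        FilterRegistrationBean<CorsFilter> bean =
                new FilterRegistrationBean<>(new CorsFilter(source));
        // Run ahead of the security filter chain so preflight OPTIONS requests are
        // answered before authentication is demanded.
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }
}
```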
Matt Raible
There’s a good chance you’re right. This blog post is ancient in internet time. I’ll run through it again in the next week or so and update it if I find issues. If you want to try and beat me to it, I’ve been known to send { okta } t-shirts to folks that submit pull requests!
I’d suggest you check out Java Microservices with Spring Boot and Spring Cloud for a newer version.
If you’re using Spring Boot on the backend, I recommend you use a logout implementation similar to the one I implemented in JHipster.
You might also check out OpenID Connect Logout Options with Spring Boot.
Kophek90
Thanks for the quick response!
In my project I’d like to use the client app for auth purposes.
Okta Sign In examples might do the trick for me and other people looking to authorize through the client app.