I have been trying to build a Spring distributed application that works on JWT. GitHub repo - https://github.com/dhananjay12/spring-microservice-demo
- product-service : A simple downstream service having protected routes
- jwt-resoure-server : A jar that, when included in downstream services, makes them a resource server that extracts the JWT token and sets it in the security context.
- eureka-service : Discovery service
- zuul-server : Edge server
- Okta is my auth server
I have set the OAuth grant type to be Authorization code (I know for an SPA the implicit grant type is recommended, but let's say due to some constraint in future we are restricted to this grant type).
So after the Angular client logs in successfully, the auth server reverts back to the Angular app with an authorization code like:
Now I have to hit auth server with this code to get the access and id token.
Since this requires the client secret, I have to pass it through Zuul (as only a back-end service can have client secrets), which should add client_secret to the body and forward the request to the auth server.
I am struggling with this last part. Any insights? I tried creating a TokenFilter, but it's not working for POST requests. https://github.com/dhananjay12/spring-microservice-demo/tree/master/zuul-server/src/main/java/com/mynotes/microservice/zuulserver
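
Added example, not part of the original post or the linked repository: a JDK-only sketch of the body rewrite the edge server has to perform before forwarding the code exchange, written so that the proxy only forwards the authorization-code grant and never passes through credentials supplied by the browser. The class name, the sample values and the assumption that the auth server accepts `client_id` and `client_secret` as form parameters are illustrative; wiring the result into the Zuul request is not shown.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;
public class TokenRequestBodyRewriter {  // hypothetical helper name
    private static final String UTF8 = "UTF-8";
    /** Rebuilds the SPA's form body for the token endpoint, adding the confidential client credentials. */
    public static String rewrite(String incomingBody, String clientId, String clientSecret)
            throws UnsupportedEncodingException {
        Map<String, String> in = new LinkedHashMap<>();
        for (String pair : incomingBody.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String key = URLDecoder.decode(eq < 0 ? pair : pair.substring(0, eq), UTF8);
            String value = eq < 0 ? "" : URLDecoder.decode(pair.substring(eq + 1), UTF8);
            if (in.put(key, value) != null) {  // repeated keys are ambiguous, so reject them
                throw new IllegalArgumentException("duplicate parameter: " + key);
            }
        }
        // Only the code exchange is proxied; no other grant may be sent with our secret attached.
        if (!"authorization_code".equals(in.get("grant_type"))) {
            throw new IllegalArgumentException("unsupported grant_type");
        }
        if (in.get("code") == null || in.get("code").isEmpty()) {
            throw new IllegalArgumentException("missing code");
        }
        // Copy only the expected parameters; anything else from the browser (client_secret included) is dropped.
        Map<String, String> out = new LinkedHashMap<>();
        out.put("grant_type", "authorization_code");
        out.put("code", in.get("code"));
        if (in.containsKey("redirect_uri")) out.put("redirect_uri", in.get("redirect_uri"));
        out.put("client_id", clientId);          // assumption: credentials sent as form parameters
        out.put("client_secret", clientSecret);  // loaded from server-side configuration only
        StringJoiner body = new StringJoiner("&");
        for (Map.Entry<String, String> e : out.entrySet()) {
            body.add(URLEncoder.encode(e.getKey(), UTF8) + "=" + URLEncoder.encode(e.getValue(), UTF8));
        }
        return body.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: what the browser might POST to the edge server.
        String fromBrowser = "grant_type=authorization_code&code=SAMPLE_CODE"
                + "&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fcallback&client_secret=ignored";
        System.out.println(rewrite(fromBrowser, "SAMPLE_CLIENT_ID", "SAMPLE_CLIENT_SECRET"));
    }
}
```

Because the outgoing body is a different length from the incoming one, whatever forwards it also has to send a matching Content-Length.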