Secured Microservices — OAuth2 / OIDC / Keycloak
Secured e-commerce microservices where Keycloak is the central authorization server. Two Spring Boot resource servers (inventory, order) validate Keycloak-issued JWTs; order-service calls inventory via OpenFeign with bearer-token propagation; an Angular client logs in via OIDC.
Resource servers: 2
Identity provider: Keycloak
Inter-service: OpenFeign
Client: Angular OIDC
Approach
Keycloak as central IdP; JWT resource servers + role-mapping converter + Feign token propagation
Tech Stack
Java 17 · Spring Boot 3.2 · Spring Security · Keycloak · OAuth2/OIDC · OpenFeign · Angular · H2 · Swagger
Keywords
Keycloak · OAuth2 · OIDC · JWT · Spring Security · OpenFeign · Angular · Microservices
Deep Dive
A focused study of OAuth2 / OpenID Connect security for microservices, with Keycloak as the identity provider for an e-commerce domain.
Architecture
                      ┌──────────────┐
                      │   Keycloak   │  realm: sdia-realm (:8080)
                      │ (OAuth2/OIDC)│
                      └──────┬───────┘
                             │ JWT (Bearer)
        ┌────────────────────┼───────────────────────┐
        ▼                    ▼                       ▼
┌───────────────┐  ┌───────────────────┐     ┌───────────────┐
│   ecom-app    │  │   order-service   │ ──► │  inventory-   │
│   (Angular)   │  │ :8088 (OpenFeign) │     │ service :8087 │
└───────────────┘  └───────────────────┘     └───────────────┘
                     propagates the token via FeignInterceptor
Security details
- SecurityConfig registers each service as a resource server (oauth2ResourceServer().jwt())
- JwtAuthConverter converts Keycloak realm/client roles into Spring Security authorities
- FeignInterceptor on order-service forwards the bearer token to inventory-service
- Both services use H2 in-memory databases; order-service ships Swagger UI
Modules: inventory-service (products, :8087) · order-service (orders, :8088) · ecom-app-angular (OIDC login client, :4200).
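
One way the realm/client role mapping described under Security details can be written, as an added example and not the project's own JwtAuthConverter: it reads Keycloak's `realm_access.roles` and `resource_access.<client>.roles` claims and turns them into Spring Security authorities. The class name, the client id `example-client` and the `ROLE_` prefix are assumptions.

```java
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

// Added example, not the project's class. CLIENT_ID is a hypothetical placeholder.
public class KeycloakRoleConverter implements Converter<Jwt, AbstractAuthenticationToken> {

    private static final String CLIENT_ID = "example-client"; // assumption: this service's Keycloak client id

    @Override
    public AbstractAuthenticationToken convert(Jwt jwt) {
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        // Realm roles: {"realm_access": {"roles": ["USER", ...]}}
        addRoles(authorities, jwt.getClaimAsMap("realm_access"));
        // Client roles: {"resource_access": {"<client-id>": {"roles": [...]}}}
        // Only this service's own client entry is read, so roles granted on
        // other clients in the realm confer no authority here.
        Map<String, Object> resourceAccess = jwt.getClaimAsMap("resource_access");
        if (resourceAccess != null && resourceAccess.get(CLIENT_ID) instanceof Map<?, ?> client) {
            addRoles(authorities, client);
        }
        // Fall back to "sub" when preferred_username is absent (e.g. service accounts).
        String name = jwt.getClaimAsString("preferred_username");
        return new JwtAuthenticationToken(jwt, authorities, name != null ? name : jwt.getSubject());
    }

    // A missing claim, or a "roles" entry that is not a list of strings, grants nothing.
    private static void addRoles(Set<GrantedAuthority> out, Map<?, ?> access) {
        if (access == null || !(access.get("roles") instanceof Collection<?> roles)) {
            return;
        }
        for (Object role : roles) {
            if (role instanceof String roleName && !roleName.isBlank()) {
                // ROLE_ prefix so hasRole("X") / @PreAuthorize("hasRole('X')") match.
                out.add(new SimpleGrantedAuthority("ROLE_" + roleName));
            }
        }
    }
}
```

A converter like this is registered on the resource server with `oauth2ResourceServer(o -> o.jwt(j -> j.jwtAuthenticationConverter(new KeycloakRoleConverter())))`.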