I am trying to figure out how I should implement security for my microservices architecture.
For example, I have a client (web), a gateway and some other microservices.
Now I am thinking, should I implement my own Authentication/Authorization server (not an OAuth2 one), which will just authenticate the user? Or should I just pick a standard like Keycloak or UAA?
Does it make sense to use a fully OAuth2-capable server?
Top comments (2)
Please go with a readily available solution. I know that it's tempting to implement authentication / authorization yourself, because using a fully-fledged server product feels overkill. But a tried and tested solution beats something self-built in 99.995% of cases. It will give you less of a headache in the long run.
Hey krkd, exactly how I thought about it.
I am thinking that it is overkill, but as you said, it may be better to use something that is already tested and is backed by a huge organisation.