DEV Community

Petros Stergioulas
Petros Stergioulas

Posted on • Updated on

Microservices: OAuth2 vs Simple JWT Authentication

I am trying to figure out, how I should implement the security for my microservices architecture.

For example, I have a client(web), a gateway and some other microservices.

Now I am thinking, should I implement my own Authentication/Authorization server(not an OAuth2), which will just authenticate the user? Or should I just pick a standard like keycloak or uaa?

Does it make sense to use a fully OAuth2 capable server?

Top comments (2)

krkd profile image

Please go with a readily available solution. I know that it's tempting to implement authentication / authorization yourself, because using a fully-fledged server product feels overkill. But a tried and tested solution beats something self-built in 99.995% of cases. It will give you less of a headache in the long run.

petros0 profile image
Petros Stergioulas • Edited

Hey krkd, exactly how I thought about it.

I am thinking that it is an overkill, but as you said, it may be better to use something that it is already tested and it is backed up by huge organisation.