DSCI Microservices Series - WSO2 OAuth POC

In this challenge we are looking for a Proof of Concept solution to demonstrate using OAuth 2.0 client credentials for establishing trust between two microservices. The goal is to develop two sample microservices where both will be registered to WSO2 Identity server - one as Resource Owner and the other one as a client. Services should be developed using Spring Boot, latest stable version. Here is the process in more details

 

1. Client Microservice will be registered to WSO2 and will have client id and secret

2. Resource Owner Microservice will also be Registered to WSO2 as resource Owner and will have client id and secret of its own

3. Client Microservice will make a call to Authorization Server using its id and secret and get an access token.

4. Client Microservice will then make a call to access a resource from resource owner microservice. While making that call it will attach access token to its header.

5. Resource owner Microservice will extract the access token and authenticate it with authorization server. If authenticated it will send back the resource

6. On authentication error, the apprioriate http error code (401) and error message should be returned (invalid/expired/missing token or grant type)

 

The exact request and response of the Resource owner service aren't very important, but do try to emulate some real world scenario like Movie Service <-> Movie Recommendation Service, Authorization service calling Licensing service, etc (in other words, don't call the services ClientService and ResourceOwnerService)

 

Services should produce daily logs with all requests/responses/errors persisted to log files. Unit tests, swagger and postman files are required only for Resource Owner Microservice. Annotations are preferred over xml configuration where possible. 

 

Create a Docker image for the services. Both images should have just the minimal environment and should start only the app process (so don't make the entrypoint be a bash shell). Application code should be embeded into the image, and not mapped as a volume. Service logs directories should be mapped to a directory on the host. Also, create a docker-compose script that will manage both service containers and the WSO2IS.

 

Include instructions for deploying the services locally (both with docker and within development environment), and Heroku (docker)