Skip to main contentFreight Trust


Authenticate the API user as well as to enable OAuth 2.0 authorization for all OAuth protected APIs. The Spring Authorization Server is used as an OAuth provider; trading channel applications can delegates authentication and authorization to this component, which verifies credentials using the Auth Microservice.


Interaction with Identity Provider (Auth Microservice)

Interaction with Resource Server API

  • When a client wishes to acquire an OAuth token to call a protected API, it calls the OAuth Provider (Authorization microservice) token endpoint with the username/password of the user and requests a token with scope blue.
  • Authorization microservice will call the Customer microservice to get the credentials and perform the validation.
  • If the username/password are valid, HTTP 200 is returned, along with a JWT (signed using a HS256 shared secret) in the JSON response under access_token which contains the auth ID of the user passed in the user_name claim.
  • The client uses the JWT in the Authorization header as a bearer token to call other Resource Servers that have OAuth protected API (such as the Orders microservice).
  • The service implementing the REST API verifies that the JWT is valid and signed using the shared secret, then extracts the user_name claim from the JWT to identify the caller.
  • The JWT is encoded with scope blue and the the expiry time in exp; once the token is generated, there is no additional interaction between the Resource Server and the OAuth server.


/oauth/authorizeGet authorization token
/oauth/tokenpost authorization token


Project Features

  • Leverage Spring Boot framework to build a Microservices application.
  • Uses Spring Security OAuth.
  • Return a signed JWT Bearer token back to caller for identity propagation and authorization
  • Uses Docker to package application binary and its dependencies.