As part of my Springboot micro services project which is running behind Springboot Gateway.
I have different auth servers like our own Auth Server as well as using Google's and Facebook's Open Id authentication.
Once the user application acquired the token, its being passed as bearer token. And one header to denote which Auth Server's token it is .. like sso=oursso, sso=google, or sso=facebook etc.,
Now at Gateway, I need to authenticate the token based on sso header value.. if its google , invoke google token validation api, if its facebook invoke facebook's token validation api or if its oursso then our own authserver's token validation api..
How can I achieve it..
1. Can I do it using Springboot Security
2. Should I write simple web filter and read the header value and invoke the validate token service ..