I haven't read your book yet though from the outline it looks like you have not addressed the use case I have, which is to have a Spring OAuth2 Authorization Server behind an edge server (Zuul) granting tokens.
John Carnell wrote:Hi Paul,
... dealing with OAUTH in chapter 7 of the book. ...
Thats probably one of the bigger mindshift's that we moved away from as Java J2EE developers to multi-language microservice developers. ...
I'd be interested to see if you tried that yourself and if you haven't then have you considered it?
I wanted to have only one public facing server, the edge service, and then the auth server behind that. It sounds simple but was hard to figure out. If you are interested in that then I can show you the code on how I did that. I would be interested in co-authoring a security chapter with you in a future version of this book if you are interested