Topic: OAuth + Microservices
Colleagues, please suggest the correct approach for the following situation. There is an application built on a microservice architecture, with a core on Java and Spring, using OAuth2. Component S is responsible for authentication and for issuing access and refresh tokens, and for the actual authorization of requests to the other components A, B and C. The web application W that is being written must work with components A, B and C and authorize the user through S.

The question: in such a microservice setup with OAuth inside, what is the best practice for session management between the web application W and the user? I see 2 options:

1. We have a traditional web session with a normal session ID between W and the user on normal , so on the server W we keep the sessions and the access+refresh tokens received from S for working with A, B and C.
2. We work with access+refresh tokens only, passing them to the client side, too in ., and it seems the refresh token is normally not exposed on the client?

Which of the options are generally reasonable in this situation? Maybe I am missing something in my understanding of OAuth and microservices?