I'm developing a project using SOA where I have a web application made in Angular 2 and several microservices in Spring Boot. Among the services there are the authentication and notification services, which could be shared among other applications. While implementing the authentication service I have the following doubts:
- What is the best authentication method for this scenario? How does it work?
- Using token authentication, would it be recommended to check the token with the authentication service on requests made to other services (e.g. create a filter in the other services in which the header token is extracted for each request, then sent to the authentication service, and if it is correct the user information is returned, otherwise the status 401)?
- Should user information be persisted in the authentication service?
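
The filter described in the second question, written out as an added example that is not part of the original post. The class name `RemoteTokenFilter`, the verification URL, the `Bearer` scheme, the `authenticatedUser` request attribute and the auth service's "200 plus user JSON" contract are all assumptions.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;

// Assumes Spring Boot 3 (jakarta.servlet); Spring Boot 2 and earlier use javax.servlet.
@Component
public class RemoteTokenFilter extends OncePerRequestFilter {
    // Hypothetical endpoint: assumed to answer 200 with the user as JSON for a valid token.
    private static final URI VERIFY_URI = URI.create("https://auth.example.internal/verify");
    private final HttpClient client =
            HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(2)).build();

    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                    FilterChain chain) throws ServletException, IOException {
        String header = req.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ") || header.length() == 7) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED); // no token: 401, no remote call
            return;
        }
        HttpResponse<String> answer;
        try {
            HttpRequest verify = HttpRequest.newBuilder(VERIFY_URI)
                    .timeout(Duration.ofSeconds(2))
                    .header("Authorization", header) // forward the token unchanged
                    .GET().build();
            answer = client.send(verify, HttpResponse.BodyHandlers.ofString());
        } catch (IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            // Fail closed: an unreachable auth service never lets a request through.
            res.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }
        if (answer.statusCode() != 200) { // auth service rejected the token
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        req.setAttribute("authenticatedUser", answer.body()); // user info for controllers
        chain.doFilter(req, res);
    }
}
```

With this design every request to any service costs one call to the authentication service, so that service's latency and availability bound all the others.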