spring, oauth-2.0, access-token, spring-security-oauth2, horizontal-scaling

Spring security Oauth2 client credentials horizontal scaling


My REST API in a Spring Boot application is secured with Spring Security OAuth2 client credentials with an in-memory token.

How can I horizontally scale my application so that the access token will be valid on any scaled instance?


Solution

  • I am guessing that you are running an Authorization Server that is embedded in your Spring application. If you want to scale horizontally you need to separate the two concerns. There are two ways to do this.

    1. Run multiple REST / API servers and a single separate authorization server. The JWT granted by your single authorization server would be valid across all your REST / API servers as long as you configure your verifier correctly.
    2. If you can for your project, use a third-party authorization service like Auth0 or Okta to grant JWTs. The JWTs granted by these services would be valid and verifiable across all of your REST / API servers. These services will make your life easier since they provide HA and scalable Authorization server implementations. They are also more secure than trying to run your own authorization server.