java oauth-2.0 microservices rest

Should I implement OAuth2 endpoints and User Data endpoints in the same microservice?


I am building a microservice that implements OAuth 2 for user authentication. My doubt is whether retrieving the information of the current user (example: /users/me obtains the user data encoded as JSON) should be implemented in the same microservice, or whether they should go in different microservices following the Domain Driven Design pattern.


Solution

  • It would depend on your services architecture and how your domain is organized. But generally speaking, it makes sense to have the Authentication server outside your UserData microservice because:

    1. Auth Server endpoints would be used more than the user data endpoints, since it validates tokens, i.e., it is the entry point of any request. It allows you to scale up Authentication individually.
    2. Some microservices don't really need the user data; they only need the scope (and probably userID and/or some basic information?) to service the request.
    3. User data can mean more than just user ID; it could include details ranging from Name and Address up to (but not limited to) SSN or profile icon (which has little to do with authentication).

    But on the other hand, if your application requires user data to be part of the auth response payload, or if you don't plan to have a lot of microservices, it would make sense, and be easier, to implement them in the same service. Maintaining a service boundary with persistence layer separation helps if you plan to split them in the future.
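
Point 2 of the answer, sketched as an added example (not code from the question or the answer): a resource microservice authorizes a request from the auth server's token introspection response alone and never calls the user-data service. It is written in Python for brevity; the RFC 7662 response shape, the `orders:*` scope names and the `authorize`/`allowed` helpers are assumptions for illustration.

```python
import json
from dataclasses import dataclass

# Constructed RFC 7662-style introspection responses (all values are made up).
ACTIVE = json.dumps({"active": True, "sub": "user-1234", "client_id": "web-app",
                     "scope": "orders:read orders:write", "exp": 1_700_000_600})
REVOKED = json.dumps({"active": False})


class AccessDenied(Exception):
    """The token must not be accepted for this request."""


@dataclass(frozen=True)
class Principal:
    user_id: str          # opaque identifier only; no name, address or SSN
    scopes: frozenset


def authorize(introspection_json: str, required_scope: str, now: int) -> Principal:
    """Decide from the introspection response alone, failing closed."""
    try:
        resp = json.loads(introspection_json)
    except json.JSONDecodeError as exc:
        raise AccessDenied("unparseable introspection response") from exc
    if not isinstance(resp, dict) or resp.get("active") is not True:
        raise AccessDenied("token is not active")
    exp = resp.get("exp")  # optional in RFC 7662; enforced here when present
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        raise AccessDenied("token expired")
    sub = resp.get("sub")
    if not isinstance(sub, str) or not sub:
        raise AccessDenied("no subject in token")
    scope = resp.get("scope", "")
    scopes = frozenset(scope.split()) if isinstance(scope, str) else frozenset()
    if required_scope not in scopes:  # exact match, never a substring test
        raise AccessDenied("missing scope " + required_scope)
    return Principal(user_id=sub, scopes=scopes)


def allowed(introspection_json: str, required_scope: str, now: int) -> bool:
    """Boolean wrapper for callers that only need a yes/no answer."""
    try:
        authorize(introspection_json, required_scope, now)
        return True
    except AccessDenied:
        return False
```

Only `/users/me` and similar profile endpoints would need the user-data store; every other service can work from the `Principal` above.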