Tags: spring-boot, oauth-2.0, microservices, netflix-zuul

Suggestion for microservices security spring boot


I want to create a project with Spring Boot, based on microservices. I implemented a gateway with Zuul and am now not sure what to use for the security between microservices. I need the microservices to be aware of the user's permissions when they get a request; they might also communicate with each other, not only with the gateway. I am using Spring Boot 2.5.7, but it seems that OAuth2 is deprecated. I also read about Spring Authorization Server, but it is experimental. What should I use for security? Also, if you have some tutorials, that would be great.

P.S. A free solution would help, even if it means more implementation.

Thank you.


Solution

  • Some clarifications:

    Spring Security OAuth2 is deprecated because the OAuth2 features (except the authorization server) were merged into Spring Security core. As for Spring Authorization Server, the project is no longer experimental; see the release notes: https://github.com/spring-projects/spring-authorization-server. You can use it as an OAuth2 provider.

    That means you can use Spring Security core to protect your microservices using any OAuth2 provider (Google, GitHub, Keycloak, etc.). The choice is yours. Your requirements are so common nowadays that it will not be really difficult to find a solution.
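
A resource-server configuration for one microservice on Spring Boot 2.5.x (Spring Security 5.5), as an added example that is not part of the original answer. The issuer URI, the `/orders/**` paths, the `orders.read`/`orders.write` scopes and the `roles` claim name are assumptions; use whatever your OAuth2 provider actually issues.

```java
import java.util.ArrayList;
import java.util.Collection;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;

// Needs spring-boot-starter-oauth2-resource-server and, in application.yml (placeholder URI):
//   spring.security.oauth2.resourceserver.jwt.issuer-uri: https://idp.example.test/realms/demo
// Every service validates the bearer JWT itself, so calls that bypass the gateway are still checked.
@EnableWebSecurity
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // No HTTP session: each request must carry its own token.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeRequests(a -> a
                .antMatchers(HttpMethod.GET, "/orders/**").hasAuthority("SCOPE_orders.read")
                .antMatchers("/orders/**").hasAuthority("SCOPE_orders.write")
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().denyAll())                 // default deny for unmapped routes
            .oauth2ResourceServer(o -> o.jwt(j ->
                j.jwtAuthenticationConverter(jwtAuthenticationConverter())));
    }

    // Exposes the user's permissions from the token as Spring Security authorities.
    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter(); // scope/scp -> SCOPE_*
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("roles");          // assumed claim name, provider-specific
        roles.setAuthorityPrefix("ROLE_");
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Collection<GrantedAuthority> all = new ArrayList<>(scopes.convert(jwt));
            all.addAll(roles.convert(jwt));
            return all;
        });
        return converter;
    }
}
```

For service-to-service calls, the calling service either forwards the user's token or obtains its own token from the same provider; the receiving service applies this same validation in both cases.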