Microservicessystem_design~12 mins

OAuth 2.0 for microservices - Architecture Diagram

Choose your learning style9 modes available

Learn Why Deep Arch Practice Challenge Design Recall Scale

System Overview - OAuth 2.0 for microservices

This system uses OAuth 2.0 to securely authorize users across multiple microservices. It ensures that users can access only the services they are allowed to, using tokens issued by a central authorization server.

Key requirements include secure token issuance, token validation by microservices, and seamless user experience without repeated logins.

Architecture Diagram

User
  |
  v
+----------------+
| Load Balancer  |
+----------------+
        |
        v
+-------------------+
| API Gateway       |
+-------------------+
   |           |
   v           v
+---------+  +---------+
| Service |  | Service |
| A       |  | B       |
+---------+  +---------+
    |           |
    v           v
+-------------------+
| Authorization     |
| Server (OAuth 2.0)|
+-------------------+
        |
        v
+----------------+
| Token Storage  |
+----------------+
        |
        v
+----------------+
| Database       |
+----------------+
        |
        v
+----------------+
| Cache (Redis)  |
+----------------+

Components

User

actor

Initiates requests and authenticates to access microservices

Load Balancer

load_balancer

Distributes incoming user requests evenly to API Gateway instances

API Gateway

api_gateway

Central entry point that validates OAuth tokens and routes requests to microservices

Service A

service

Microservice that serves specific business functionality after token validation

Service B

service

Another microservice that serves different business functionality

Authorization Server (OAuth 2.0)

authorization_server

Issues and validates OAuth 2.0 tokens for user authentication and authorization

Token Storage

database

Stores issued tokens and their metadata securely

Database

database

Stores application data accessed by microservices

Cache (Redis)

cache

Caches token validation results and frequently accessed data for performance

Request Flow - 17 Hops

User → Authorization Server (OAuth 2.0)

Authorization Server (OAuth 2.0) → Token Storage

Authorization Server (OAuth 2.0) → User

User → Load Balancer

Load Balancer → API Gateway

API Gateway → Cache (Redis)

Cache (Redis) → API Gateway

API Gateway → Authorization Server (OAuth 2.0)

Authorization Server (OAuth 2.0) → Token Storage

Authorization Server (OAuth 2.0) → API Gateway

API Gateway → Cache (Redis)

API Gateway → Service A or Service B

Service A or Service B → Database

Database → Cache (Redis)

Service A or Service B → API Gateway

API Gateway → Load Balancer

Load Balancer → User

Failure Scenario

Component Fails:Authorization Server (OAuth 2.0)

Impact:New token issuance and validation fail, blocking user authentication and authorization. Cached tokens may still allow some requests temporarily.

Mitigation:Use multiple authorization server instances with failover and replication. Cache token validation results to allow short-term continued access during failure.

Architecture Quiz - 3 Questions

Test your understanding

Which component is responsible for issuing OAuth 2.0 tokens?

ALoad Balancer

BAPI Gateway

CAuthorization Server (OAuth 2.0)

DService A

Design Principle

This architecture demonstrates secure, scalable authorization using OAuth 2.0 in microservices. It uses token caching to reduce latency and dependency on the authorization server for every request, improving performance and resilience.