<- See All Sessions

Spring Cloud Gateway for Stateless Microservice Authorization

Improving and maintaining tech agility, time to market, and application modernization is challenging as the number of microservices we own and manage grows. How do you track who uses your applications? How can you establish and enforce common policies or flows to authenticate and authorize permissible use? How can you ensure effective governance?

In this talk, we'll share the approach at TD Ameritrade to solve these cross-cutting functions in an efficient and effective way. We'll discuss why and how we decided on API Gateway using Spring Cloud Gateway; the different use cases we're solving; our implementation for authentication and authorization leveraging IDP, OAuth2, and JSON web tokens; and how we brought the whole solution together for microservices running on Pivotal Platform.
Architects and developers attending this talk will see how the API Gateway pattern can help to successfully modernize web platforms with greater tech agility and faster time to market.