Suppose that I have mobile application that needs to authenticate using a OAuth2 flow.
I have two options:
- The OAuth Service behind an API Gateway.
- The app calls directly the OAuth Service, and then send requests to the API Gateway.
What is the best practice? What are the cons and pros of each option?
Leave an answer