I'm implementing OAuth2 in my spring app and I have one question.
Well, I have authorization server and resource server. I chose password flow.
Everything works correctly. But I am not sure where I should store users. I have two database - one for authentication server, another one for my RestApi - resource server.
At this moment I store users in my restAPI database. Why? Because I need information about user in my restAPI. What do you think? I wonder if my authentication server has access to the resource database is a good way... I am not sure.
As my resource server has access to the authentication database (to validate user token) - maybe the better way is storing users in that database?