I am writing an application with a micro-service architecture and have reached a dead end. I want to protect the application with modern methods (OAuth 2.0). Users are also supposed to be able to customize their profile. Hence the question: how to combine these functions? How to organize the architecture at the same time? how will identification, authentication and authorization take place?
I don't understand a little how to divide such functionality into microservices: to make an authentication service separately and a separate service for working with a profile (in the first there will be user credentials, in the other there will be customized fields. In this case, the first one will generate registration, modification and deletion events for the second one so that it modifies its database) or combine these 2 services and get a huge microservice with many endpoints. I also considered adding Keycloak.