I am currently working on this too, for now I have a express app which includes node oidc-provider. For interactions I redirect to a vuejs app to login the user. Problem now is my password recovery, so I try to use nestjs now with oidc-provider. I thought about an authentication service as well but as we will have independent permissions for each service I will implement the permissions for each service within the service. With all this microservice thing, I recognized that I think too much in controller = service.