I'm developing a series of services and I'm considering using Spring Cloud Zuul as an API gateway to enforce filters, routing, balancing, authentication and authorization.
For authorization we're going to use OAuth 2.0, using GitHub as the OAuth resource server. Zuul is going to be responsible for validating the OAuth Access Token.
We did a little research and I found more documentation about doing this task in a Spring Boot REST Service directly.
For our project we're trying to do something like this.
Spring Boot Startup:

    package com.microservice.demo.api.gateway;

    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
    import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
    import org.springframework.cloud.netflix.zuul.EnableZuulProxy;
    import springfox.documentation.swagger2.annotations.EnableSwagger2;

    @EnableOAuth2Sso
    @EnableZuulProxy
    @EnableDiscoveryClient
    @SpringBootApplication
    @EnableSwagger2
    public class ApiGatewayApplication {

        public static void main(String[] args) {
            SpringApplication.run(ApiGatewayApplication.class, args);
        }
    }
Spring Boot application.yaml:

    # Spring Application Configurations
    spring:
      application:
        name: api-gateway

    # OAuth
    oauth2:
      client:
        clientId: 218a201e423999fa61af
        clientSecret: 59039da2197d8c7fb617bb9d5cb495d864f2a376
        accessTokenUri: https://github.com/login/oauth/access_token
        userAuthorizationUri: https://github.com/login/oauth/authorize
        clientAuthenticationScheme: form
      resource:
        userInfoUri: https://api.github.com/user
        preferTokenInfo: false

    # Server Configurations
    server:
      port: 8075

    # Zuul Properties Configuration
    zuul:
      # Service will be mapped under the /api URI
      prefix: /api
      # Uncomment to disable auto-registering all services read from Eureka
      # ignoredServices: '*'
      routes:
        prospect-service:
          path: /prospect/**
          serviceId: prospect-service-v1

    # Eureka Client Configurations
    eureka:
      client:
        serviceUrl:
          defaultZone: http://localhost:9761/eureka/

    # Security
    security:
      user:
        name: admin
        password: admin
When I try to make a request I'm always getting a Forbidden response. Am I missing something here?
The whole project is on GitHub.
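Whatever turns out to be causing the 403 above, a gateway that is "responsible for validating the OAuth Access Token" benefits from making that check explicit and auditable rather than relying only on auto-configuration. The following Zuul pre-filter is an added example written for this answer; it is not code from the question's project. It assumes Spring Cloud Netflix Zuul 1.x with `@EnableOAuth2Sso` (so an authenticated call carries an `OAuth2Authentication` in the security context) and spring-security-oauth2 on the classpath. The package and class names are hypothetical.

```java
package com.microservice.demo.api.gateway.filter; // hypothetical package

import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;

/**
 * Pre-filter that refuses to proxy any request for which Spring Security has
 * not established an OAuth2 authentication. Registering it as a @Component is
 * enough for Spring Cloud Zuul to pick it up.
 */
@Component
public class RequireOAuth2AuthenticationFilter extends ZuulFilter {

    private static final Logger log =
            LoggerFactory.getLogger(RequireOAuth2AuthenticationFilter.class);

    @Override
    public String filterType() {
        return "pre"; // run before routing decisions are made
    }

    @Override
    public int filterOrder() {
        return 1; // ahead of Zuul's own PreDecorationFilter (order 5)
    }

    @Override
    public boolean shouldFilter() {
        return true; // apply to every proxied route
    }

    @Override
    public Object run() {
        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // Anything other than an authenticated OAuth2Authentication (anonymous,
        // basic-auth from security.user, or nothing at all) is rejected here so
        // the downstream service never sees an unauthenticated call.
        if (!(auth instanceof OAuth2Authentication) || !auth.isAuthenticated()) {
            log.warn("Rejected unauthenticated request {} {} from {}",
                    request.getMethod(), request.getRequestURI(), request.getRemoteAddr());
            ctx.setSendZuulResponse(false);          // do not forward to the route
            ctx.setResponseStatusCode(401);
            ctx.getResponse().setContentType("application/json");
            ctx.setResponseBody("{\"error\":\"unauthorized\"}");
            return null;
        }

        // Audit trail: who (GitHub login as resolved by userInfoUri) called which route.
        log.info("Authenticated request {} {} by principal '{}'",
                request.getMethod(), request.getRequestURI(), auth.getName());
        return null;
    }
}
```

Because `@EnableOAuth2Sso` redirects unauthenticated browser requests to GitHub before any Zuul filter runs, this filter mainly matters for non-browser clients that present (or fail to present) a bearer token; its log lines also give a quick way to see whether the gateway is treating a given request as authenticated at all, which is the first thing to check when every call comes back 403.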