meower icon indicating copy to clipboard operation
meower copied to clipboard
verified publisher icon tinrab

Authorization / Authentication

Open torniker opened this issue 7 years ago • 1 comments

What is the best way to implement Authorization / Authentication for this architecture?

torniker avatar Jun 07 '18 10:06 torniker

The best way would be to have a separate service and include its definitions in each service that needs to authenticate requests. In a world of microservices, you could create a service that has a database of users and exposes endpoints for logins and authorizations. Another service can call this service whenever a request needs to be authenticated. But when you only need to verify JWT tokens, you cache certificates in a specific service and save on a couple of roundtrips. Overall, I'm not sure. It's sort of complicated and there are many ways of achieving this.

tinrab avatar Jun 09 '18 18:06 tinrab