N
N
Nastya19202020-06-04 08:12:50
Java
Nastya1920, 2020-06-04 08:12:50

How to implement cross-server requests to authenticate/authorize (jwt) in microservice architecture?

Hey!
Need advice more experienced than me, specialists.
Essence tz: there is a microservice arch-ra. Authentication accepts base64 encoded email&password, returns a jwt-token, authorization - for all requests must accept jwt, check for validity, update (date and roles) and send back in the header. In addition to the token, after authorization, all user data from the database should be sent to the front to update the states (except hashpassword, of course).
The essence of the question: how to implement requests for such a jwt server from other microservices? The jwt itself lies with accounting (for accounting I use spring security and a filter to check and update the token, because all jwt utilities are in the same application, I take them through autowired). That is, if the user clicks on the "add comment" button, some kind of microservice a la a forum must first send the user's token for verification, get an updated one, execute the selected method itself - and return the updated token (in the header, probably) to the user along with what - a response from the database. It just seems strange to me to write two requests on the front for each function: somehow the server must route. Maybe a filter in each microservice, for example... any ideas?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
S
Sergey Gornostaev, 2020-06-04
@sergey-gornostaev

Nope. The front receives a jwt token once upon login, and then sends it in the header to all other microservices until it becomes obsolete. No two requests are needed.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question