Answer the question
In order to leave comments, you need to log in
How to pass an authorization token in microservices when sending a message?
In a microservice architecture, there is an api gateway, an authorization service, and a backend service. Api gateway authorized the user through the authorization service, received jwt tokens. Further, in the case of http requests, the api gateway sends the Authorizaion: Bearer JWT-Token header to the backend service, which already contains the user's identity. Are there any established practices on how to pass the user's identity when sending messages through the message queue?
Answer the question
In order to leave comments, you need to log in
Passing the "Authorizaion: Bearer *JWT-Token" header in every api request is already one of the well-established practices.
JWT is an encrypted message (JSON) that contains a userId, thanks to which the backend associates the request with some user.
Previously, they could simply transfer some kind of token, such as sessionid, which pointed to some kind of record in the database for the backend, where information about the user ID was stored, but now JWT is mainly used, while JWT is also stored in the database usually.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question