How to pass an authorization token in microservices when sending a message?

D

Denis Yakovlev2020-07-19 22:55:02

Message Queues

Denis Yakovlev, 2020-07-19 22:55:02

In a microservice architecture, there is an api gateway, an authorization service, and a backend service. Api gateway authorized the user through the authorization service, received jwt tokens. Further, in the case of http requests, the api gateway sends the Authorizaion: Bearer JWT-Token header to the backend service, which already contains the user's identity. Are there any established practices on how to pass the user's identity when sending messages through the message queue?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Artem Silantiev, 2020-07-20
@AntiStream

Passing the "Authorizaion: Bearer *JWT-Token" header in every api request is already one of the well-established practices.
JWT is an encrypted message (JSON) that contains a userId, thanks to which the backend associates the request with some user.
Previously, they could simply transfer some kind of token, such as sessionid, which pointed to some kind of record in the database for the backend, where information about the user ID was stored, but now JWT is mainly used, while JWT is also stored in the database usually.