How to validate a JWT on a microservice that does not have any information about the user?
Hello. I have a question. I am building a microservice architecture. I have a separate authorization service that stores information about the user; the JWT is also generated there. Further, the client with the already existing JWT makes a request to some other microservice (for example, a media service), but this service does not have any user information. How should the token be validated in this case? Does each microservice have to make a request through the broker to the authorization service, which will noticeably affect the payload, or is there another solution?
1) Query the authentication server, yes. Cache its responses.
2) Or sign the JWT with the private key of the authentication server. The public key must be known to all services.
3) The authentication server may send notifications of JWT revocation through the MQ server. Of course, each microservice must subscribe to these notifications.