Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
razer962019-05-24 10:47:42
JSON Web Token
razer96, 2019-05-24 10:47:42

Is it worth it to validate JWT on each microservice if validation occurs on the API Gateway?

Good day to all. The question is simple, from a security point of view, is it worth it to validate JWT on each microservice, provided that JWT is initially validated on API Gateway before being proxyed to the desired microservice? Or is it an unnecessary load and time spent processing the request? Or, from a security point of view, it makes sense to protect each route on microservices?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
I
Ivan Shumov, 2019-05-24
@razer96

In the general scheme, it depends on whether you guarantee the security of traffic between the API gateway and the backend. If you are talking about AWS API gateway, then you do not need to transfer the token further at all, but the necessary information is enough

Similar questions
S
Stanislav Kim2015-11-12 13:25:16
Is JWT authorization implemented securely? 1Reply
W
Wasya UK2018-04-13 13:23:51
Should I use json web tokens? 1Reply
A
askar982020-06-11 14:12:37
Questions about how refresh token JWT works? 1Reply
S
Safronov_Alexei2020-06-30 18:18:02
How to connect Django channels to SimpleJWT? 0Reply
W
ward_ua2021-10-03 23:00:46
Why does a JWT include an open payload? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question