Learn More
Resend Email
2
dUcKtYpEd
12d

This seems to be a hard answer to find: with the api gateway approach to micro-servicing, Does the JWT or whatever token your working with thats sent to the gateway need to be passed to and from other services its acting on? Or are the services suppose to be behind a secure network that only the public gateway has access to ? Im trying to map out my first real take on this architectural approach and have had trouble finding support around this topic.

question

microservicing

micro-service

architecture

microservice
Favorite
Ranter
Comments
  • 0
    12d
    No. Internal network, or, different, internal tokens
  • 0
    12d
    @bagfox so your saying either or but keep entirely within an internal network ?
  • 2
    12d
    from what i understand:
    the browser or app sends an request to the gateway. the gateway sends it to the containers and they process it and use jwt to ensure that the user is authorized for the request.
  • 2
    11d
    Services should be internal and should not need to know about authentication. (You don't want to update all your services if you need to update your authentication scheme or add support for additional ones)
  • 1
    11d
    @ItsNotMyFault damn that’s a great point.
Related Rants
devRant © 2020 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment