security

1 post in this category

Applying the reactive manifesto to a microservice architecture is a difficult problem, and one of the harder facets of it is designing secure microservices. One common approach is to use JSON Web Tokens (JWTs) to share authentication information between services and clients. The standard is attractive because the authentication information is encoded directly in the token instead of having to be queried from a central location on every service call. For example, on login at an SSO page the authentication service creates a JWT, signs it with its private RSA key and returns it to the client. The client presents the JWT on subsequent calls, and any service can check the token's integrity against the authentication service's public RSA key without ever holding the private key. Two checks belong next to the signature check: the verifier should fix the algorithm it expects (RS256 here) rather than trust the alg value in the token's own header, and it should reject tokens whose exp claim has passed, because a self-contained token cannot be revoked at a central location. As a neat side effect, microservices do not need to sit behind an authentication gateway: the authentication information is self-contained and verifiable in a distributed fashion.
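The flow described above, as an added example written for this page rather than code from the original post: the authentication service signs an RS256 JWT with its private RSA key, and a microservice verifies it with only the public key, pinning the algorithm and enforcing expiry and issuer before trusting any claim. The issuer name "auth-service", the claim set and the one-hour lifetime are assumptions for the illustration; only the Go standard library is used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Issuer is the value the authentication service puts in "iss" (assumed for this example).
const Issuer = "auth-service"

// Claims is the subset of registered JWT claims carried here.
type Claims struct {
	Sub string `json:"sub"`
	Iss string `json:"iss"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

type header struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
}

// JWT segments are base64url without padding.
var b64 = base64.RawURLEncoding

// NewKeyPair runs once on the authentication service; the private half never leaves it.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign is the authentication service's side: header.payload signed with RS256
// (RSASSA-PKCS1-v1_5 over SHA-256), returned in compact serialisation.
func Sign(priv *rsa.PrivateKey, c Claims) (string, error) {
	h, err := json.Marshal(header{Alg: "RS256", Typ: "JWT"})
	if err != nil {
		return "", err
	}
	p, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// Verify is what every microservice runs with nothing but the public key.
func Verify(pub *rsa.PublicKey, token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hb, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var h header
	if err := json.Unmarshal(hb, &h); err != nil {
		return nil, err
	}
	// The verifier decides the algorithm; a header saying "none" or "HS256" is rejected outright.
	if h.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", h.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	// Signature is checked before any claim is parsed or trusted.
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("invalid signature")
	}
	pb, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(pb, &c); err != nil {
		return nil, err
	}
	// A self-contained token cannot be revoked centrally, so a missing or past exp is fatal.
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("token expired or has no exp")
	}
	if c.Iss != Issuer {
		return nil, fmt.Errorf("unexpected issuer %q", c.Iss)
	}
	return &c, nil
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	tok, err := Sign(priv, Claims{Sub: "alice", Iss: Issuer, Iat: now.Unix(), Exp: now.Add(time.Hour).Unix()})
	if err != nil {
		panic(err)
	}
	fmt.Println("token:", tok)
	c, err := Verify(&priv.PublicKey, tok, now)
	fmt.Println("verified:", c, err)
}
```

Each service needs only the public key, so it can be distributed as static configuration or fetched once; the private key stays on the authentication service, which is what makes the distributed verification safe.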