I am building an application which consists of 3 servers. The first is my Authorization server, the second is my Database server (API), and finally my front-end server. I want to use asymmetrical encryption to encrypt the access token generated by my Authorization server so that sensitive data is not compromised and also so that I can send it along to my API and verify that the user making a request is actually who they claim to be. Is there anything in Laravel Passport that will make this implementation possible, or is it better to use a third-party library like PASETO or PHP JWT Framework?

Currently when I make a request to the API:

- The API makes a call to the Authorization server to validate the user using the access token.
- The Auth server validates the user.
- If the user validates, the API delivers the resources we asked for, else it returns a validation error.

What I want to achieve with the asymmetrical encryption is to eliminate the call to my Auth server before every request to the API, and I read that I can achieve this using asymmetrical encryption.
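
The flow asked about above, as an added example that is not part of the original post: the Auth server signs the token with its private key (an RS256 signature in JWT form) and the API checks it with only the public key, so no per-request call is needed. The function names, claims and throwaway key pair are constructed for illustration.

```php
<?php
// Added example: names, claims and the throwaway key pair are constructed.

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $padded = $txt . str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// Auth server: sign the claims with the PRIVATE key (RS256).
function issue_token(array $claims, $privateKey): string {
    $head = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
    $body = b64url_encode(json_encode($claims));
    openssl_sign("$head.$body", $sig, $privateKey, OPENSSL_ALGO_SHA256);
    return "$head.$body." . b64url_encode($sig);
}

// API server: verify with the PUBLIC key only, no call to the Auth server.
function verify_token(string $jwt, string $publicPem, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm; never let the token pick how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') return null;
    $ok = openssl_verify("$head.$body", b64url_decode($sig), $publicPem, OPENSSL_ALGO_SHA256);
    if ($ok !== 1) return null;
    $claims = json_decode(b64url_decode($body), true);
    // A token without a valid, unexpired "exp" is rejected.
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    return $claims;
}

$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicPem = openssl_pkey_get_details($key)['key'];  // the only key the API needs
$now = time();
$token = issue_token(['sub' => '42', 'scope' => 'read', 'exp' => $now + 300], $key);

// Same signature, payload swapped for an elevated scope.
[$head, , $sig] = explode('.', $token);
$forged = "$head." . b64url_encode(json_encode(['sub' => '42', 'scope' => 'admin', 'exp' => $now + 300])) . ".$sig";

foreach (['genuine' => [$token, $now], 'tampered' => [$forged, $now], 'expired' => [$token, $now + 301]] as $label => [$jwt, $at]) {
    echo $label, ': ', verify_token($jwt, $publicPem, $at) === null ? 'rejected' : 'accepted', PHP_EOL;
}
```

Verifying locally means a revoked token keeps working until its `exp`, so token lifetimes should be short. The payload here is signed, not encrypted, so anyone holding the token can read its claims.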