Question
How is it possible to create an authentication service within a micro-service application and have other services check against that token (JWT) and retrieve a user?
Possible Solution
My current thinking is based around the auth service inserting { token, user } into Redis once a user is authenticated. All other services can check the user's Authorization: Bearer kdI8$dj$nD&... header token against Redis.
- If token is present in Redis, user is authenticated.
- If token is not present in Redis, user is not authenticated.
- User sends { username, password } to auth service
- Auth service authenticates credentials and retrieves { token, user }
- Auth service inserts { token, user } into Redis
- User makes request to Service-1 with { token }
- Service-1 looks for { token } in Redis and retrieves { token, user }
- Service-1 does its thing and sends back { data }
Are there any possible security, logic or architectural problems with this approach?
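The flow sketched in the question, written out as an added example (not code from the question or from any project it mentions). It assumes an opaque random token as the Redis key rather than a JWT, a one-hour TTL on each session key, and a constructed in-memory stand-in exposing the same set/get/delete calls a redis-py client would, so it runs offline.

```python
import json
import secrets
import time

# Constructed stand-in for the three Redis commands used below (SET with EX, GET, DEL).
# redis-py's redis.Redis() exposes set(key, value, ex=...), get and delete with the same
# shape, so login/resolve_user/logout would work unchanged against a real server.
class FakeRedis:
    def __init__(self):
        self._data = {}

    def set(self, key, value, ex=None):
        self._data[key] = (value, None if ex is None else time.monotonic() + ex)

    def get(self, key):
        entry = self._data.get(key)
        if entry is None:
            return None
        value, expires = entry
        if expires is not None and time.monotonic() >= expires:
            del self._data[key]  # expired keys behave as absent, like Redis TTL
            return None
        return value

    def delete(self, key):
        return 1 if self._data.pop(key, None) is not None else 0

TOKEN_TTL_SECONDS = 3600  # assumption: a session key lives one hour unless deleted

# Constructed credential table; a real auth service would verify a password hash.
USERS = {"alice": {"password": "correct horse", "id": 42, "roles": ["reader"]}}

def login(store, username, password):
    """Auth service step: check credentials, mint a token, store token -> user with a TTL."""
    record = USERS.get(username)
    if record is None or not secrets.compare_digest(record["password"], password):
        return None
    token = secrets.token_urlsafe(32)  # opaque, unguessable key; nothing is encoded in it
    user = {"id": record["id"], "username": username, "roles": record["roles"]}
    store.set("session:" + token, json.dumps(user), ex=TOKEN_TTL_SECONDS)
    return token

def resolve_user(store, authorization_header):
    """Service-1 step: parse 'Authorization: Bearer <token>' and look the token up in Redis."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme != "Bearer" or not token:
        return None
    raw = store.get("session:" + token)
    return json.loads(raw) if raw is not None else None

def logout(store, token):
    """Deleting the key is what revokes a token before its TTL runs out."""
    return store.delete("session:" + token) == 1
```

Because every lookup goes back to Redis, revocation is a single delete and expiry is handled by the TTL; that is the property the opaque-token variant has and a self-contained JWT check would not.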
