Question

How is it possible to create an authentication service within a micro-service application and have other services check against that token (JWT) and retrieve a user?
Possible Solution
My current thinking is based around the auth service inserting `{ token, user }` into Redis once a user is authenticated. All other services can check against the user's `Authorization: Bearer kdI8$dj$nD&...` header token within Redis.
- If `token` is present in Redis, user is authenticated.
- If `token` is not present in Redis, user is not authenticated.
- User sends `{ username, password }` to auth service
- Auth service authenticates credentials and retrieves `{ token, user }`
- Auth service inserts `{ token, user }` into Redis
- User makes request to `Service-1` with `{ token }`
- `Service-1` looks for `{ token }` in Redis and retrieves `{ token, user }`
- `Service-1` does its thing and sends back `{ data }`
Are there any possible security, logic or architectural problems with this approach?
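The flow described in the question, as an added Python example (not code from the question): an auth service that checks credentials, mints an opaque random token and caches the user record under it, and a downstream `Service-1` that resolves the `Authorization: Bearer` header against that cache. Redis is replaced by a constructed in-memory dict that mimics SETEX expiry, the user store and the 900 second TTL are constructed assumptions, and two caveats a practitioner would want are layered on the described design: the cache is keyed by a hash of the token rather than the raw token, and deleting the entry revokes the token.

```python
import hashlib
import hmac
import json
import secrets

TOKEN_TTL_SECONDS = 900  # assumed session lifetime, used as the Redis SETEX TTL
# Constructed in-memory stand-in for Redis, key -> (value, expires_at); with
# redis-py the equivalent calls are r.setex(key, ttl, value), r.get(key), r.delete(key).
_redis = {}

def _setex(key, ttl, value, now):
    _redis[key] = (value, now + ttl)

def _get(key, now):
    item = _redis.get(key)
    if item is None or now >= item[1]:
        _redis.pop(key, None)  # an expired entry is "not present", exactly as in Redis
        return None
    return item[0]

# Constructed user store holding PBKDF2 password hashes, never plaintext passwords.
_SALT = b"constructed-static-salt"  # a real store uses a random per-user salt
_USERS = {"alice": {"id": 42, "roles": ["reader"],
                    "pw": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}}

def _session_key(token):
    # Key Redis by a hash of the token so a dump of the cache does not leak live bearer tokens.
    return "session:" + hashlib.sha256(token.encode()).hexdigest()

def login(username, password, now):
    """Auth service: check credentials, mint an opaque token, cache token -> user (now = time.time())."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)  # always computed
    user = _USERS.get(username)
    if user is None or not hmac.compare_digest(candidate, user["pw"]):
        return None
    token = secrets.token_urlsafe(32)  # 256 random bits, unguessable
    public = {"id": user["id"], "username": username, "roles": user["roles"]}  # no hash cached
    _setex(_session_key(token), TOKEN_TTL_SECONDS, json.dumps(public), now)
    return token

def logout(token):
    _redis.pop(_session_key(token), None)  # revocation: the token stops working everywhere at once

def resolve_user(headers, now):
    """Service-1: parse 'Authorization: Bearer <token>' and look it up in Redis."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return None  # caller answers 401
    cached = _get(_session_key(token), now)
    return json.loads(cached) if cached else None
```

Real Redis performs the expiry itself once the entry is written with SETEX; the `now` parameter exists only to make the example deterministic.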