Basically, I have a microservice A which validates a user by checking the credentials and it needs to forward the user request to another microservice which does further processing of the request. We use session-based authentication. Once the request has been received in microservice B, it needs to keep a record of the user who initiated the request. These microservices talk to each other using RSocket. Now if I need to pass the logged in user info to microservice B, either I can send it as a part of request or I can create a JWT token and pass the token along with the request. The token can be validated at service B for authorization and User details. What would be the best approach? Please suggest if there is any other way in which this can be done in a better way?
1 Answers
0
votes
I would suggest sending the user data in the RSocket metdata. You have a couple options when it comes to this:
Since RSocket is connection-oriented if all traffic from one service to the other was going to be done by the same user you could send the user data once with metadata push on stream 0 during the connection.
If different requests will be for different users then you can send the user data in the RSocket request metadata with each request.
The metadata can be encoded in any way that you like. You could put a JWT token in there if you want, but it doesn't have to be a JWT. You could just as easily create your own object to send the data along.
