1
votes

I want to communicate between different microservices, but the problem that arises is that the microservices are secured with JWT tokens, and I am not able to find a way to send a secured call to the other microservice from the first microservice. Is there a way I can communicate with the service method directly? If I make my API open, it will be misused.

Or do I have to go through an API gateway, sending every request through the API gateway and making a secure communication from there?

2
Why not just pass the token through to your other MS? Each MS could then verify again against the same token and you would only need to submit it on the initial API call. - T A
My question would be why you need to communicate cross service in the first place? If it is purely to return data back to a caller then a gateway API would be the way to go. In my personal opinion microservices should not have a need to talk to each other directly, though they might care about events triggered from one another. - Nope
My requirement will be to get a particular role from the role MS to the user MS, but whenever I am using Feign or RestTemplate for internal calls the other MS throws 401. So my requirement will be to implement my microservices such that all the communication can be done between MS and external communication can be done using the API gateway. - Akash Prakash

2 Answers

3
votes

It all depends on what are the exact requirements of your project.

A gateway API is usually used to hide the complexity of microservices from external users, who usually have 1 endpoint to talk to.

Also the gateway can handle the security and authenticate the user (which many companies do indeed).

Now when you pass the gateway and your authenticated request reaches the client, usually you already have a user identity on the request (what was put onto the request by the gateway).

So you know that user "John Smith" has triggered the request.

And now if you need to call another microservice you should decide (and again it's your decision):

  1. Whether you need an authentication at all there (maybe internal communication doesn't have to be secured between microservices)

  2. If you do need an authentication between microservices, who authenticates the request? If it's a gateway, all authentication logic is there, but you have to make an additional hop for each request, which might be costly. Alternatively, if it's a direct call, each microservice must implement authentication logic. Sure, there is stuff like Spring Security, and other languages/ecosystems have similar solutions, but in general this can be difficult to implement.

  3. If you do make an authenticated call from microservice A to microservice B and the flow was originated by user John Smith that triggered a request to service A, you should decide whether the semantics of the call is:

    • User "John Smith" contacts the service B, or...
    • Service A contacts Service B on behalf of user John Smith. This is really important for authorization if you have any kind of permissions system.
  4. In terms of technical implementation, usually you can add a JWT header to the request with the required token. If the request was already authenticated and you need to generate user identity, you can merely put a couple of headers on the request.
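
The two call semantics from point 3 and the header from point 4, as an added example that is not part of the original answer. It assumes HS256 with a shared demo key, the hypothetical service names `service-a` and `service-b`, and the RFC 8693 `act` claim to name the calling service.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 key shared by gateway and services

def b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = ".".join(b64(json.dumps(p).encode()) for p in (header, claims))
    return f"{parts}.{b64(hs256(parts))}"

def verify(token: str, audience: str) -> dict:
    """Check signature, expiry and audience; any ValueError (malformed input too) means 401."""
    head, body, sig = token.split(".")
    if not hmac.compare_digest(hs256(f"{head}.{body}"), unb64(sig)):  # always HS256; header alg is ignored
        raise ValueError("bad signature")
    claims = json.loads(unb64(body))
    aud = claims.get("aud", [])
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired")
    if audience not in ([aud] if isinstance(aud, str) else aud):
        raise ValueError("wrong audience")
    return claims

def relay_headers(incoming: dict) -> dict:
    """'John Smith contacts service B': service A forwards the caller's header unchanged."""
    return {"Authorization": incoming.get("Authorization", "")}

def on_behalf_headers(user_claims: dict, ttl: int = 60) -> dict:
    """'Service A contacts B on behalf of John Smith': short-lived token naming both parties."""
    token = sign({"sub": user_claims["sub"], "act": {"sub": "service-a"},
                  "aud": "service-b", "exp": int(time.time()) + ttl})
    return {"Authorization": "Bearer " + token}

def service_b(headers: dict) -> tuple:
    """Return (status, user, calling service or None); any token problem is a 401."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    try:
        claims = verify(token if scheme == "Bearer" else "", audience="service-b")
    except ValueError:
        return 401, None, None
    return 200, claims["sub"], claims.get("act", {}).get("sub")
```

An internal call that sends no `Authorization` header gets the 401 described in the question's comments; with the `act` claim present, service B can apply permissions to the user and to the calling service separately.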

0
votes

You can have two API gateways:

  • one exposed outside
  • and another one for microservices communication within container.

The one which is exposed outside does the validation of tokens and sends claims to the microservices, where those claims are used for validation of route protection.

For communication between microservices, send the claims that you already have with the second gateway. Hope this helps. If you have found any alternative way, let us know.