1
votes

I have created two microservices; let them be A and B. Every microservice has its own database and its own user table for storing the username and password. I am maintaining the same signing key for generating the key in all microservices.

A user of microservice A can access the secure API of its own microservice easily. But suppose I want to access a secure API of microservice B; then it will give me an error while setting the authentication object in the Spring Security context using UserDetailsService, because the microservice A user does not exist in microservice B's user table.

What do I have to do to maintain secure API communication between microservices with a JWT token?

1
'Every microservice having its own database and its user table for storing username and password. ' - this is wrong; you should have a single authentication service that stores credentials. All other services just share the JWT signing key to validate the JWT token. Also, typically the whole user profile is stored inside the JWT token, so no other requests to the database or authentication server are necessary. – Alex Chernyshev

Thanks @AlexChernyshev... – Rohit Kavthekar

1 Answer

1
votes

In a microservice architecture we need to have a separate Auth microservice. All requests would be validated against this Auth service at the API gateway. The Auth service would return a JWT for valid requests, and that would be passed to all microservices.

You can refer to the links below for a better understanding:

https://microservices.io/patterns/security/access-token.html

https://microservices.io/patterns/apigateway.html