2
votes

I decided to try, for the first time, to implement a microservice architecture instead of a monolithic one and ran into an authorization problem. In a monolithic architecture, I simply passed the token in the header when accessing a controller that had the [Authorize] attribute and checked it against the current single database. But in a microservice architecture, each microservice has its own database. How can you check the token when accessing other microservices? I have heard about implementing the check in the API Gateway, but I think that each microservice should have its own check anyway, since there should be no access to the API if the user is not authorized. Should I use the API Gateway to make a request to the authorization microservice for verification? How can I implement this?

I have a separate microservice for user authorization (registration, login, issuing tokens) which has a database of users with tokens. That is, do I need to make a request to this microservice using the API Gateway?

1 Answer

3
votes

One way: you should try to do authentication/authorization at the API Gateway level. Whenever an API call that needs some permission comes to the API Gateway, check the token. If the access/token is not present, return 401. On the frontend, if you get a 401, do authentication in the UI.

2nd way: the UI passes the token to the API Gateway, which then sends the token on to the other microservices.

It depends on how granular a level of permission you need. If it is at a very granular level, go with the 2nd; otherwise go with the 1st.
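
The 2nd way from the receiving microservice's side, as an added example (not code from the question or the answer): the service validates the forwarded bearer token itself, without its own user database, and applies a per-endpoint permission. It assumes the authorization microservice issues signed JWTs and publishes its signing keys through OpenID Connect discovery; the URL, audience, claim name and route are hypothetical.

```csharp
// Program.cs of a hypothetical "orders" microservice (ASP.NET Core minimal API).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Assumed address of the authorization microservice. The handler fetches
        // its public signing keys from the discovery document, so the signature
        // is verified locally and no database of tokens is needed here.
        options.Authority = "https://auth.internal.example";
        // Assumed audience value: rejects tokens minted for a different service.
        options.Audience = "orders-api";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            // Tighter than the default five-minute tolerance on expiry.
            ClockSkew = TimeSpan.FromSeconds(30)
        };
    });

builder.Services.AddAuthorization(options =>
{
    // Fine-grained permission enforced in this service, not only at the gateway.
    // "permission" is an assumed claim name the auth service would put in the token.
    options.AddPolicy("OrdersRead",
        policy => policy.RequireClaim("permission", "orders:read"));
});

var app = builder.Build();

app.UseAuthentication();   // missing or invalid token -> 401
app.UseAuthorization();    // valid token without the permission -> 403

// Minimal-API counterpart of a controller action carrying [Authorize(Policy = "OrdersRead")].
app.MapGet("/orders", (ClaimsPrincipal user) =>
        Results.Ok(new { caller = user.FindFirst(ClaimTypes.NameIdentifier)?.Value }))
   .RequireAuthorization("OrdersRead");

app.Run();
```

With this in place the gateway only has to pass the `Authorization` header through unchanged; a request that reaches the service by another path is still rejected.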