How to make available the identity of a user across multiple microservices?

Question

So let's take the basic e-commerce microservices.

1. Identity and access . This microservice will take care of user accounts, roles
   and authentication. The authentication method will be the based on the usual
   token based flow (user enters username + pass and server returns a unique and
   random token via cookie). This service can also be used to get the user profile.
2. Cart microservice. This microservice can be used to put products in a cart.
   Check what products a cart has. Etc ...

Asuming that "Identity and access" microservice will be used for generating the random token as a result of a succesful authentication, and for linking this token to a user, how will this token be used to make the user's identity available to the cart microservice? For example, when a user will add a product to his cart, he will send along the authorization token and the cart microservice will have to identify the user based on that token.

Could a distributed database be an option? A database which has these tokens stored and links to user built, and to which all microservices have access?

Or should all microservices get the user's identity from a special identity and access API which will expose users based on the access token?

Answer 1

A distributed data base definitely conflicts with the following basic principle of micro services:

A micro service owns its data and exposes it via well defined interfaces. No other micro service may access data owned by another micro service directly.

So one solution in this case would be to have a token micro services or the last solution you have described.