Reputation: 108
The scenario is I have two Resource Microservices (secured with Spring Security), let us assume A & B. A wants to collect data from B on a scheduled basis, for example A will call B's endpoint every hour to collect some data. The catch is that two resource services can communicate with each other if they have a valid access token, or we can say a user is logged in. But scheduled jobs have to run continuously, independent of having a logged-in user. So what should be the correct way to call B from A?
a. To have a configuration for a super default user to run scheduled jobs, authenticating implicitly?
NOTE: The scheduled job is independent of user intervention.
Upvotes: 2
Views: 867
Reputation: 617
When we're working with API security the most used protocol is OAuth 2.0.
When dealing with client-to-service authentication/authorization, the most fitting access token provisioning would be the Authorization Code Flow.
However, when dealing with service-to-service authentication/authorization, the most fitting access token provisioning would be the JWT Authorization Flow. In this case the requestor needs to generate a JWT token using a private key.
But if you want to keep it simple and the network restrictions are in place, you could use a simple client credentials flow in OAuth.
There is an interesting topic about handling batch processing with OAuth 2.0 on the Nordic APIs blog:
http://nordicapis.com/how-to-handle-batch-processing-with-oauth-2-0/
For more information check the links below:
http://websystique.com/spring-security/secure-spring-rest-api-using-oauth2/
http://blog.monkey.codes/how-to-use-jwt-and-oauth-with-spring-boot/
Upvotes: 0
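The client credentials flow this answer suggests for the scheduled job, modelled end to end as an added example (this is not code from the question, from either answer, or from Spring Security). The three parties (the authorization server's token endpoint, the scheduled job in service A, and resource service B) are in-process Python classes standing in for what Spring would wire up from a `client_credentials` client registration; the signing key, client id, secret, scope name and the data B returns are all constructed for the example. The job obtains a token with its own credentials rather than a user's, caches it, and refreshes it shortly before expiry; B checks the token's signature, expiry and scope before answering.

```python
"""OAuth 2.0 client credentials flow for a service-to-service scheduled job.
Added example: every key, client id, secret and scope below is constructed."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims: dict, key: bytes) -> str:
    """Compact HMAC-SHA256 token: base64url(claims) '.' base64url(mac)."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    mac = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{mac}"


def verify(token: str, key: bytes, now: float) -> Optional[dict]:
    """Return the claims if the MAC matches and the token is unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    payload, mac = parts
    expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, mac):  # constant-time comparison
        return None
    claims = json.loads(_unb64(payload))
    return claims if claims.get("exp", 0) > now else None


class AuthorizationServer:
    """Stand-in for the OAuth 2.0 token endpoint (constructed, not a real server)."""

    def __init__(self, signing_key: bytes, clients: dict, ttl_seconds: int = 3600):
        self._key = signing_key
        self._clients = clients  # client_id -> {"secret": str, "scopes": set}
        self._ttl = ttl_seconds

    def token(self, grant_type: str, client_id: str, client_secret: str,
              scope: str, now: float) -> dict:
        """Models POST /oauth/token; only grant_type=client_credentials is served."""
        if grant_type != "client_credentials":
            return {"error": "unsupported_grant_type"}
        client = self._clients.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        requested = set(scope.split())
        if not requested <= client["scopes"]:  # never grant more than registered
            return {"error": "invalid_scope"}
        claims = {"sub": client_id, "scope": " ".join(sorted(requested)),
                  "iat": int(now), "exp": int(now) + self._ttl}
        return {"access_token": sign(claims, self._key),
                "token_type": "Bearer", "expires_in": self._ttl}


class ServiceB:
    """Resource server: validates the bearer token, then enforces scope."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key

    def get_report(self, authorization: str, now: float):
        if not authorization.startswith("Bearer "):
            return 401, {"error": "missing_bearer_token"}
        claims = verify(authorization[len("Bearer "):], self._key, now)
        if claims is None:
            return 401, {"error": "invalid_token"}
        if "report:read" not in claims.get("scope", "").split():
            return 403, {"error": "insufficient_scope"}
        return 200, {"caller": claims["sub"], "rows": [1, 2, 3]}  # constructed data


class ServiceAJob:
    """The scheduled job in A: no user session, just A's own client credentials."""

    def __init__(self, auth: AuthorizationServer, b: ServiceB,
                 client_id: str, client_secret: str, leeway: int = 60):
        self._auth, self._b = auth, b
        self._client_id, self._secret, self._leeway = client_id, client_secret, leeway
        self._token, self._expires_at = None, 0.0
        self.token_requests = 0  # counts round trips to the token endpoint

    def _access_token(self, now: float) -> str:
        if self._token is None or now >= self._expires_at - self._leeway:
            resp = self._auth.token("client_credentials", self._client_id,
                                    self._secret, "report:read", now)
            if "error" in resp:
                raise RuntimeError(f"token request failed: {resp['error']}")
            self._token, self._expires_at = resp["access_token"], now + resp["expires_in"]
            self.token_requests += 1
        return self._token

    def run_once(self, now: Optional[float] = None):
        """One scheduled tick: fetch or reuse a token and call B."""
        now = time.time() if now is None else now
        return self._b.get_report(f"Bearer {self._access_token(now)}", now)


if __name__ == "__main__":
    key = b"constructed-signing-key"
    auth = AuthorizationServer(key, {"service-a": {"secret": "a-secret", "scopes": {"report:read"}}})
    job = ServiceAJob(auth, ServiceB(key), "service-a", "a-secret")
    print(job.run_once())
```

The token endpoint compares the client secret in constant time and refuses any scope the client was not registered for, and B rejects a token that has a valid signature but lacks the `report:read` scope with 403 rather than 401. Compared with answer (a) in the question (a "super default user"), the subject of the token is the service itself, so B's logs and authorization decisions can tell a scheduled call from a user-driven one.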
Reputation: 1186
It is better to keep all services outside of the world (isolation on the network level) except one service, which is the single entry point for your clients where authentication/authorization is handled. So you only need to implement security-related operations/validations on that service and then let the client's request pass through to the other services.
Since you isolate your services from the world and no security is implemented on the rest of the services, you don't need a token or validation for inter-service communication.
Upvotes: 1