Reputation: 96
Authentication microservice decoupling
I want to make a simple project with a couple of microservices.
I have User microservice, which controls the all user related staff like user creation, update information about the user, etc.
And now I need to do the authentication for my project. And I stuck a bit. I want to implement simple JWT authentication with refresh tokens. I know how to do that but I don't know where to do that.
So my question is: do I need to do authentication logic on the User microservice, or I need to keep it separate and create the Auth microservice?
If I choose the second option with separate Auth microservice, in which way should I handle the creation of the user? Create it firstly in Auth service and then call the User service from it? Or create it on User service then create it on auth service?
Upvotes: 1
Views: 264
Answers (1)
Reputation: 4002
You can do it in user microservice as long as it's independent and can issue token. I would advise to use federated identity providers rather writing your own. e g. azure ad or auth0.com . They are generally better secured and follow the best practices. You get many out of box features using federated identity providers e.g. login with fb google etc.
Upvotes: 2
Related Questions
- Microservices authentication
- Microservice with auth as separate service
- Microservice Authentication strategy
- Authorization and Authentication in microservices - the good way
- Microservices - managing external system auth-token
- Proper Inter-service authorization
- Microservice Authentication Architecture
- Building authentication with Microservices Architecture
- Authentication and Authorization in Microservices
- Cross-Microservice Authorization and Authentication