Reputation: 5256
Caching authentication calls
Imagine, that we have one authentication service and two applications that use It by http call. Where we should put a cache?
- Only authentication service has its cache (redis for example)
- Caching is a part of application number one and two
Upvotes: 1
Views: 127
Answers (1)
Reputation: 9446
Putting your cache inside the applications is a judgement call. It will be far more efficient if it can cache in-memory, but it comes at a trade-off in that it might be invalid. This is ultimately a per-case basis, and depends on the needed security of your application.
You will have to figure out what an acceptable TTL for your cache is, it could be anywhere between zero and eternal. If it's zero, then you've answered your question, and there is no value in a cache layer at all in the application.
Most applications can accept some level of staleness, at least on the order of a few seconds. If you are doing banking transactions, you likely cannot get away with this, but if you are creating a social-media application, you can likely have a TTL at least in the several-minutes range, possibly hours or days.
Just a bit of advice, since you are using HTTP for your implementation, take a look at using the cache-control that is baked into HTTP, it's likely your client will support it out-of-the-box, and most of the large, complicated issues (cache expiration, store sizing, etc) will be be solved by people long before you.
Upvotes: 3
Related Questions
- Microservices authentication
- Microservice Authentication strategy
- How to better utilize local cache with load balancing strategies?
- Proper Inter-service authorization
- Authentication microservice decoupling
- Microservice Authentication Architecture
- Caching in a Microservices architecture
- Authentication/Authorization mechanism for microservices
- Building authentication with Microservices Architecture
- Cross-Microservice Authorization and Authentication