How to call a secure microservice endpoint through zuul or any api gateway

Question

I have a springboot application. The endpoints are secured, they need jwt token authorization inorder to be accessed. There is an endpoint in the application, which accepts username and password and returns a jwt token. Now this token can be set in the authorization header and the other secure api's can be accessed.

I have another springboot application which is acting as zuul api gateway. How do I call my secure api through this zuul application. I am new to microservices architecture. Please advise.

Answer 1

My suggestion is you should have authentication only at the gateway(Zuul) level.

You shouldn't be having authentication during inter-microservice call.

Your micro-services will all be accessible via the gateway and hence will be protected.

In case if you still want to use the JWT token mechanism for inter micro-service calling, use the below example-

Assume I have a service called search-service as micro-service.

Create an service to call login end-point and fetch the token and pass that token in Authorization header ex: "Bearer "<>

@FeignClient(name = "search-service")
public interface SearchService 
{
    @RequestMapping(method = RequestMethod.POST , value = "/api-search/user/v2/search" , consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
    List<Map<String, List<Map<String, Object>>>> search(@RequestHeader("Authorization")String token, String query);

    @RequestMapping(method =  RequestMethod.POST , value = "/api-search/auth/login", consumes = MediaType.APPLICATION_JSON_UTF8_VALUE)
    public AuthResponseDto login(@RequestBody AuthRequestDto authRequestDto);


}