Arpan Pathak

Reputation: 55

Centralized Auth server or One db per microservice for users?

I'm designing two microservices, one for Teacher and the other for Student. My question is: what is the best approach for storing users and doing authentication and authorization?

  1. Centralized Auth server which will store user roles as well as all the info.

  2. Centralized Auth server which will only store roles, but the user info will be stored in the databases of their respective services (Student, Teacher).

  3. No centralized Auth server, but redirecting the login request to either Student or Teacher as per the role in the request body, and it will be the responsibility of the Gateway.

I want to know the pros and cons of these approaches. If there is any better approach, then please share it.

P.S.: Multiple roles can be assigned to a single user.

Upvotes: 3

Views: 1083

Answers (1)

Sihoon Kim

Reputation: 1799

I would go for the first approach. Rather than a "centralized Auth" server, it would be more of an "auth microservice".

Now the important part is how to handle authentication itself. In general you could either use a session or JWT.

For microservices I think JWT is a perfect fit. If you use a session, you basically "centralize" your authentication and authorization. What I mean by this is that after a user is authenticated, every time the user makes a request, all the microservices that react to this response must check on the centralized session. This will not only increase latency, but it just doesn't fit with a distributed system. The point of using microservices is to make replicas of services and so scale horizontally.

If you use JWT, the microservices only need the secret key to validate the token. Basically, no centralized store (session) for authentication info.

About the "auth service", I would suggest you store authentication and authorization related data only (including user info related to authentication: phone number, email, name, etc.; you would probably use this in case the user needs to change their password, forgot their password, etc.). Other specific data related to a specific role can be stored in the corresponding service.

Upvotes: 1
