Reputation: 113
I have 5 Node microservices. The login and signup of my server are controlled by a microservice called test-admin. After login, my test-admin gives a token, which I send as a bearer token for authentication for other activities in the test-admin server.
Now the problem is: how should I use the middleware to convert the JWT token to its data in the 4 servers other than test-admin? Do I need 5 middleware in 5 servers? What is the proper method?
Upvotes: 1
Views: 1071
Reputation: 22553
The preceding is a reasonable approach, but it bucks the current trend towards zero trust.
If you have 5 micro-services, you probably have some code that you want to share amongst them. Decoding the token is just one example.
If they all live together in a monorepo then this would be trivial. Just have all the shared code reside in a module that each micro service imports.
If your micro services live in separate repos, then consider sharing your code as a private npm package or an npm import from a common code git repo.
In any case, if the other services are only exposed to test-admin, then there's no harm in passing the decoded user data around instead of the token.
Upvotes: 1
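One way the shared module from the answer above could look, as an added example that is not code from any of the posts. It assumes Ed25519-signed tokens (`alg: EdDSA`) so that only test-admin holds the signing key while the other services import the verifier with the public key; the names `issueToken`, `verifyToken` and `requireAuth`, the `exp` claim check and the demo key pair are all hypothetical.

```javascript
// shared-auth.js: hypothetical shared module (added example, not code from the thread).
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Issuer side (test-admin only): signs with the private key.
function issueToken(claims, privateKey) {
  const input = `${enc({ alg: 'EdDSA', typ: 'JWT' })}.${enc(claims)}`;
  const sig = sign(null, Buffer.from(input), privateKey).toString('base64url');
  return `${input}.${sig}`;
}

// Verifier side (every service): needs only the public key, so it cannot mint tokens.
function verifyToken(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm; never let the token header choose how it is verified.
  if (dec(head)?.alg !== 'EdDSA') throw new Error('unexpected alg');
  const ok = verify(null, Buffer.from(`${head}.${body}`), publicKey, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = dec(body); // parsed only after the signature has been checked
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('token expired');
  return claims;
}

// Express-style middleware factory; each service mounts requireAuth(publicKey) once.
function requireAuth(publicKey) {
  return (req, res, next) => {
    let user;
    try {
      const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]*)$/.exec(req.headers.authorization || '');
      if (!m) throw new Error('missing bearer token');
      user = verifyToken(m[1], publicKey);
    } catch (err) {
      res.statusCode = 401; // same generic answer for every failure reason
      return res.end(JSON.stringify({ error: 'invalid or missing token' }));
    }
    req.user = user;
    next();
  };
}

// Constructed demo key pair and token so the block runs offline.
const demoKeys = generateKeyPairSync('ed25519');
const demoToken = issueToken({ sub: 'user-1', exp: Math.floor(Date.now() / 1000) + 300 }, demoKeys.privateKey);
```
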
Reputation: 772
You have 2 possibilities
I wouldn't put the code of turning the token into the user data in each microservice as it breaks the single responsibility principle.
Upvotes: 1