如何正确使用express-gateway对Web应用程序进行身份验证?
[英]How to properly use express-gateway for authentication of a web app?
问题描述
I am fairly new to the concept of microservices and api gateways in general. 
我对微服务和api网关的概念一般都是新手。 I am trying to understand the role that an api gateway plays in a modern web application using many microservices. 我试图理解api网关在使用许多微服务的现代Web应用程序中扮演的角色。 I have been reading the documentation and tutorials of express-gateway but am a bit confused on how a web application would perform authentication with an api gateway set up like express-gateway. 我一直在阅读快速网关的文档和教程,但对于Web应用程序如何使用像express-gateway这样的api网关进行身份验证有点困惑。
My web app would have multiple microservices that it would talk to. 我的网络应用程序将有多个微服务,它会与之交谈。 I thought that putting an API gateway in front of all my microservices would make it so that each microservice would not need to worry about whether a user/request is authenticated or not, because if the microservice was being talked to it meant that the api gateway had verified the request was a valid user. 我认为在我的所有微服务之前放置一个API网关会使每个微服务都不需要担心用户/请求是否经过身份验证,因为如果与微服务进行通信则意味着api网关已验证该请求是有效用户。 Is my understanding of this correct? 我对此的理解是否正确?
Assuming that my thought of the api gateway serving as a gatekeeper to other microservices is correct, my follow up question is with the specifics of how it is performed. 假设我认为api网关作为其他微服务的看门人是正确的,我的后续问题就是如何执行它的具体细节。
Does this mean that all user creation and authentication is performed by the api gateway? 这是否意味着所有用户创建和身份验证都由api网关执行? Meaning that I would have no custom user creation/login microservices? 这意味着我没有自定义用户创建/登录微服务? Or would I have a publically reachable through the api gateway custom user creation microservice which upon creation would itself create the user accounts within the api gateway? 或者我是否可以通过api网关自定义用户创建微服务公开访问,在创建时它本身会在api网关内创建用户帐户? Is user information now duplicated by my microservice in a database somewhere and the express-gateway's own storage? 我的微服务是否在某个地方的数据库和快速网关自己的存储中复制了用户信息? I guess my general confusion is around does an api gateway take the role of authentication/user creation entirely away from a web app's own microservices, or do you still need both parts? 我想我的一般困惑是api网关是否完全远离Web应用程序自己的微服务,认证/用户创建的角色,还是你还需要这两个部分?
I thought that my own authentication microservice would first validate a user then work with the api gateway to generate a valid short lived token, but reading about creating user or app accounts for authentication in express-gateway has made me confused on the roles each play. 我认为我自己的身份验证微服务将首先验证用户然后使用api网关生成有效的短期令牌,但阅读有关在快速网关中创建用户或应用帐户以进行身份验证的问题让我对每个角色的角色感到困惑。
1 个解决方案
解决方案1
3 已采纳 2018-07-30 16:04:45
to have an overview of the role of an API Gateway in a microservice based solution, I suggest you to have a look to this presentation I did couple of months ago. 为了概述API网关在基于微服务的解决方案中的作用,我建议你看看我几个月前做过的演示 。 That should clarify the things a little bit. 这应该澄清一些事情。
Is my understanding of this correct?
Yes, you got it. 是的,你明白了。 If you have a look to the video, you can actually see that concept in practice as well. 如果你看一下视频,你实际上也可以在实践中看到这个概念。
For the storage, that kind of depends. 对于存储,这种依赖。
Express Gateway offers a subset of identity services such as users, applications and credentials. Express Gateway提供身份服务的子集,例如用户,应用程序和凭据。 They're good enough for most application usages but you might find yourself with the needs of using an external service, such as Auth0. 它们对于大多数应用程序的使用都足够好,但您可能会发现自己需要使用外部服务,例如Auth0。
Now, features aside — where store the data it's up to you. 现在,除了功能之外 - 存储数据取决于您。 You can keep some of the data in Express Gateway and some of it in your own database — or entirely in EG. 您可以将一些数据保存在Express Gateway中,其中一些保存在您自己的数据库中 - 或者完全保存在EG中。 There's not a good or bad strategy here. 这里没有好的或坏的策略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.