如何从使用另一个微服务的微服务传递 JWT 令牌？

Question

I have two microservices say A and B. In all REST endpoints for both microservices, I have implemented JWT authentication. A user has to hit an endpoint ("/login") with username and password and generate a token and pass this as a RequestHeader to all end points in both the services. Say in microservice A, I have an endpoint ("test1/createSomething"). In BI have another have an endpoint ("test2/getSomething"). Now I am able to call ("test2/getSomething") from service B, in ("test1/createSomething") in service A using Feign client.

But I am not sure how to implement this in a way that I generate the JWT token in service A and pass it along to service B, to consume its services.

Please help. Beginner in microservices and exploring things.

Answer 1

One approach you can try is by having a separate session/jwt service. Roles and responsibility of that service would be to store/validate and authenticate having following endpoints.

• create_token() : create new JWT token with given input data(say user info, expiration time etc)
• is_token_valid() : check if token is valid or not

So you can have a flow like this :-

 1. First hit to login-service > login service getting token from jwt-service > returning jwt token to UI/client.
 2. UI/Client passing received jwt token to service-b via headers> which indeed pass jwt token to service-a, where each service independently calls is_token_valid() of jwt-service and process the request only after getting success response. 

To implement this in spring-boot, what you can do is by adding an interceptor layer, that is being called before every Controller class, where is reads headers, extracts jwt-token and validates that from jwt-service.

You can look at the similar answer here . Another reference here