Django Microservices authentication

I was reading about microservices in Django, and came to know that in microservices we keep small services separately and they can operate individually. If I am not wrong about this concept, how will I validate, using a JWT token, a user from one database to use that in a second microservice?

In the typical JWT concept you have an auth server (AC) and multiple resource servers (your domain µservices), and the flow looks like:

  • client (aka clientA, a frontend for example) sends a request to AC for a JWT token (for example a POST to /authenticate with username and password)
  • when clientA has been authenticated, AC returns a JWT token
  • clientA sends a request to some resource on your µservice (aka µserviceA) with the JWT token in the header ("Authorization: Bearer ...")
  • µserviceA sends a request to AC to confirm that the token is valid; if so, µserviceA can accept the request from your client and handle it

Your clientA may also be another µservice. Your µserviceA knows the user's roles from the JWT token (after decoding) and can simply block the request when the roles are not appropriate.
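The flow above as an added in-process sketch, not part of the original answer: `AuthServer` stands in for AC and `handle_request` for µserviceA. The class and function names, the HS256 signing, the `orders:read` role and the sample user are assumptions, and the `introspect` call would be an HTTP request to AC in a real deployment.

```python
import base64, hashlib, hmac, json, time

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def pw_hash(password: str, salt: bytes = b"demo-salt") -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user database, owned by AC only (fixed salt for brevity;
# a real store uses a random salt per user).
USERS = {"alice": {"pw": pw_hash("correct horse"), "roles": ["orders:read"]}}

class AuthServer:
    """Stands in for AC: the only holder of user data and the signing key."""
    def __init__(self, key: bytes, users: dict):
        self.key, self.users = key, users

    def sign(self, body: str) -> str:
        return b64e(hmac.new(self.key, body.encode(), hashlib.sha256).digest())

    def authenticate(self, username, password, ttl=300, now=None):
        user = self.users.get(username)
        if not user or not hmac.compare_digest(user["pw"], pw_hash(password)):
            return None
        exp = int(time.time() if now is None else now) + ttl
        claims = {"sub": username, "roles": user["roles"], "exp": exp}
        body = b64e(b'{"alg":"HS256","typ":"JWT"}') + "." + b64e(json.dumps(claims).encode())
        return body + "." + self.sign(body)

    def introspect(self, token, now=None):
        """The check µserviceA asks AC for: claims if valid, else None."""
        try:
            header, payload, sig = token.split(".")
            if json.loads(b64d(header)).get("alg") != "HS256":
                return None  # never let the token choose the algorithm
            if not hmac.compare_digest(sig, self.sign(header + "." + payload)):
                return None
            claims = json.loads(b64d(payload))
            return claims if claims["exp"] > (time.time() if now is None else now) else None
        except (ValueError, TypeError, AttributeError, KeyError):
            return None

def handle_request(ac, headers: dict, required_role: str, now=None) -> int:
    """µserviceA: returns the HTTP status it would send back."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    claims = ac.introspect(token.strip(), now) if scheme == "Bearer" else None
    if claims is None:
        return 401  # missing, malformed, forged or expired token
    return 200 if required_role in claims.get("roles", []) else 403
```

µserviceA holds neither the user table nor the signing key here, so a role check only ever runs on claims AC has confirmed.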
