
How to authenticate the request in this microservice?

I have my web application (App1) storing user credentials in a DB. App1 needs to talk to microservice app2 (using the same DB). I do not understand how to authenticate the request sent by app1 on app2.

My approach:

Send the user name/password (sent by the client to app1) to app2. App2 will authenticate against the DB and, on success, generate a new jsessionId and send it back to app1. Now, when app1 needs to communicate with app2, it will use the same jsession, which app2 will validate and allow. Does this approach look good, or is there some other, better approach?

There are several approaches, each having its pros and cons:

  • What you are doing is simple authentication. It looks simple and calls are done on behalf of a user, but you need to pass the user credentials and you have no simple means to validate whether app2's session is still valid or not.

  • Another approach is using a token (e.g. a JWT token) that app2 could validate without passing the user credentials or session cookie (the token can be signed by app1 or an identity provider), or using an OAuth token, where each app could validate the token with a common IdP (identity provider).

  • App1 could authenticate with its own application credentials (e.g. when app2 is behind an API gateway).

So there are multiple options; you could choose one to fit your environment and long-term solution.
