
System to system integration and token validation

We are trying to set up a scheduled job based on NodeJS which will call an API via an API gateway. The API calls another API. There is no user or browser involved. The call must be authenticated and have a valid OAuth token from our IdP. How should it look in order to have a more secure approach?

How should the flow look? Which one should validate the token, the API Gateway or the second API? Or both? Thanks

A key point is that JWT access token validation is designed to scale. In older architectures it was common to use perimeter security (e.g. the API gateway validates the token), but this is no longer recommended.

Instead, validate the JWT in each API using a library. Here is some example code, and for other technologies see the Curity API Guides.

Here are a couple of related articles if you are interested in API security trends:

Finally, this article discusses that JWTs can often be forwarded between microservices, to keep your code simple.
