1

I want to make a simple project with a couple of microservices.

I have User microservice, which controls the all user related staff like user creation, update information about the user, etc.

And now I need to do the authentication for my project. And I stuck a bit. I want to implement simple JWT authentication with refresh tokens. I know how to do that but I don't know where to do that.

So my question is: do I need to do authentication logic on the User microservice, or I need to keep it separate and create the Auth microservice?

If I choose the second option with separate Auth microservice, in which way should I handle the creation of the user? Create it firstly in Auth service and then call the User service from it? Or create it on User service then create it on auth service?

Improve this question

1 Answer 1

Reset to default
2

You can do it in user microservice as long as it's independent and can issue token. I would advise to use federated identity providers rather writing your own. e g. azure ad or auth0.com . They are generally better secured and follow the best practices. You get many out of box features using federated identity providers e.g. login with fb google etc.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.