0

Looking for suggestions on how to go about with microservices authorisation.

I'm using the spring/spring boot for all them microservices

I'm able to authenticate via spring cloud gateway before reaching the actual microservices using JWT tokens however when it comes to authorisation i'm unsure on how to do it.

I would like handle the authorisation internally for each of the endpoints in the business microservice.

Is there a way to pass the JWT token to the microservice or do i need to call the authserver to get the roles within the user ?

Improve this question

1 Answer 1

Reset to default
1

Actually, both works.

  1. You can put the roles in the token, when you need it, decode it. Or decode it in the gateway and pass it all the way.

  2. If you don't want to put too much data in the token, you can call the auth server as needed.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.