Microservice Authentication strategy

authentication architecture microservices

Based on what I understand, a good way to resolve it is by using the OAuth 2 protocol (you can find a little more information about it on http://oauth.net/2/)

When your user logs into your application they will get a token and with this token they will be able to send to other services to identify them in the request.

OAuth 2 Model

Example of Chained Microservice Design Architecture Model

Resources:

  • http://presos.dsyer.com/decks/microservice-security.html
  • https://github.com/intridea/oauth2
  • https://spring.io/guides/tutorials/spring-security-and-angular-js/

Short answer : Use Oauth2.0 kind token based authentication, which can be used in any type of applications like a webapp or mobile app. The sequence of steps involved for a web application would be then to

  1. authenticate against ID provider
  2. keep the access token in cookie
  3. access the pages in webapp
  4. call the services

Diagram below depicts the components which would be needed. Such an architecture separating the web and data apis will give a good scalability, resilience and stability

enter image description here

Related

PowerShell: Setting an environment variable for a single command only
Why does reading into a string buffer with scanf work both with and without the ampersand (&)?
What should I use Android AccountManager for?
MongoDB/NoSQL: Keeping Document Change History
How to open multiple pull requests on GitHub
How to use @Nullable and @Nonnull annotations more effectively?
What's the status of multicore programming in Haskell?
Should I mix AngularJS with a PHP framework? [closed]
Is there a builtin identity function in python?
Using Moq to determine if a method is called
R and version control for the solo data analyst [closed]
Is 161803398 A 'Special' Number? Inside of Math.Random()