So, if I get it correctly, you want a way to authenticate a user when passing information between microservices? Or do you want a way to authenticate the microservice itself?
You don't want to be confused between authentication, and authorization. Let me quickly define it:
The AuthBearer does both. First, it creates a token when the user asks it to; and, when the microservices give it a token, it checks for authorization.
For this, I'd recommend you create a AuthBearer microservice. Now, let this service handle everything (Authentication + Authorization); create REST routes like:
/services/auth/token (POST)
{
status: 200,
data: {
"token": "...."
}
}
When a user requires authentication, send his/her data to this service, and it'll return a token; JWT, if you prefer. Now, if he uses some other service, ask him to pass that token as a Header, and then from within that service, ask the Bearer if it's valid.
A quick example; say you have the following microservices:
The first microservice would be /services/product, the second one will be /services/checkoutand the third one will be /services/auth. Now, to authenticate, the user sends the his/her details to /services/auth, and this microservices returns a JWT. Perfect.
He, then, creates a product by POSTing it to the /services/product route, with his header Auth <TOKEN> Bearer. Upon getting this header, the Product microservices asks the Auth microservice if the token provided is valid; if it is, it gives the permission, otherwise a 401.
If you need help with anything else, be sure to comment! I hope this helps! :)