Search Hashnode

Search posts, tags, users, and pages

Comment by Siddarthan Sarumathi Pandian on "How to handle authentication when using micro-services?" | Hashnode

Thread

Siddarthan Sarumathi Pandian

Full Stack Dev at Agentdesks | Ex Hashnode | Ex Shippable | Ex Altair Engineering

Nov 30, 2017

You should make your microservices talk to each other with an API endpoint in between (i.e instead of sending messages directly to each other, they first send the message to an API endpoint first, which in turn will deliver it to the other microservice). So, if microservice A wants to talk to microservice B, it should first make a request to an api end point, let's say /sendMessage. Now, /sendMessage will take care of all the authentication jazz and then call microservice B.

Remco Boerma

CTO@NPO, python dev, dba

Jan 25, 2018

Would you use this even when using a messagebus, or only on microservices using REST?

Siddarthan Sarumathi Pandian

Full Stack Dev at Agentdesks | Ex Hashnode | Ex Shippable | Ex Altair Engineering

Jan 29, 2018

Remco, I don't see why it should be any different when you use a message bus.

Remco Boerma

CTO@NPO, python dev, dba

Feb 1, 2018

Well, i thought you might have considered service discovery or reverse-proxying the request somewhat beneficial; which don't apply when using a messagebus.

I think I'd prefer

authenticate at the gate (api-umbrella, public-graphql service, whatever)
authorisation per service (as this allows true separation)

I'm still not sure whether to pass along a JWT like structure with all consumer details or that each service requests consumer details (like permissions) to a dedicated consumer service. Based on performance it probably depends on how many requests the consumer service needs to handle vs the overhead of possibly sending around needlessly the JWT. And, if not using JWT internally, how do you authenticate the payload, so that a bug might not creep in the consumer details and be passed around wrongly.