Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Laravel passport, Oauth and microservices

Tags:

oauth

laravel

oauth-2.0

microservices

I am having a difficulty in terms of architecture and wondering if someone has some insights.

The plan

  • I will have multiple microservices (different laravel projects, catalog.microservice.com, billing.microservice.com) each providing an API.
  • On top of these will be an angular fronted consuming those APIs.
  • I will have another micro service (passport.microservice.com) for auth now thanks to laravel 5.3 passport this is even easier.

The flow:

  • User goes to catalog.microservice.com
  • user need to authenticate and provides a user and password
  • request is made by angular (aka client) to passport.microservice.com through password grand type to get an authorization token
  • now that I have a token I am authorized to call a resource from catalog.microservice.com
  • catalog.microservice.com needs to know if the token is valid and makes a request (some kind of middleware?) to passport.microservice.com
  • passport.microservice.com returns the user, scope etc.

Questions:

  • Is this a good approach?
  • The token validation in catalog.microservice.com can be a middleware?
like image 674
Andrei Gigirtu Avatar asked Aug 24 '16 14:08

Andrei Gigirtu

1 Answers

The common approach in microservices architecture is to use a single authentication 'gateway', and usually it's a part of an API gateway.

So besides your passport.ms.com, you have somewhat of a proxy that will check access token from the header and if it's invalid - give an error. If the token is valid - proxy the request to corresponding microservice.

This way you don't have to repeat yourself - you don't have to implement authentication N times for each microservice.

Then, if you need more granular control - what exactly a user can access (usually called authorisation), then you traditionally implement it at each specific microservice.

In short, your microservices shouldn't care if the incoming request is authenticated - it's already been pre-filtered for them. Microservices only decide whether the user X can do action Y.

PS. You can combine API gateway with Passport/Oauth facility or you may run them separately - that's up to you. AWS already offers API gateway as a service (proving how trendy microservices are becoming) but I couldn't find any good open source analogues.

like image 90
Denis Mysenko Avatar answered Sep 17 '22 20:09

Denis Mysenko
Sign in to Comment

Related questions

Laravel - regex route match everything but not exactly one or more word
Composer always runs into "Allowed memory size of 1610612736 bytes exhausted" - on server as well as local
How to set env with laravel artisan to have two different database connections (local/remote)?
Is it possible to use Laravel components in a WordPress plugin?
Laravel Schema Builder Update Default Value
Link with icon in Laravel 4
laravel-> on select change, submit to Controller show
How to install mcrypt extension on mac os x yosemite (10.10)
Prevent SQL injection for queries that combine the query builder with DB::raw()
Laravel multiple orderBy from dynamic array input
Attempting to get Email to work in Laravel 5
Convert date and time to Jalali in Laravel
Laravel php artisan migrate not working
Async Queues In Laravel
delete test data in laravel migration script
How to setup Laravel 5's task scheduling in Heroku?
Eloquent Laravel - Retrieve results only if the relationship exists
Laravel creates a new session on every request
How to use cPanel email accounts to send confirmation emails in laravel?
Where to put business logic in Lumen?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!