Menu
Just to simplify my situation I currently have 3 micro services.
The authentication service authenticates the user and sends back a JWT access token and I use that across the other services. Its stateless and all works well.
I setup locations among some other things in the location service and this works well and as expected.
But now I am at the inventory service and I need to add some inventory but it is linked to a location. I can easily pass the locationId in the API call but I have no way of authorizing the current user to add something to that location unless I then call the location service to validate this.
This then creates service dependencies between each other and it is something I am trying to avoid at all costs otherwise you just lose most of the benefits of micro services.
What would be the recommended approach to validate that the current user has permissions for that location? The only thing I have thought of so far is either
Edit
As mentioned below on providing aggregate roots (or I am assuming that means the same as API gateways) it would provide the 3rd option of another service on top to communicate to both to provide the information.
However it then leaves a 3rd service dependent upon 2 others, so I just increased my service dependencies.
203
Network Tracking. A common way to detect dependencies is via the network connection. Since microservices have component services that communicate with one another across the network, you can monitor network traffic to identify the dependencies within your application.
The most common type is single-receiver communication with a synchronous protocol like HTTP/HTTPS when invoking a regular Web API HTTP service. Microservices also typically use messaging protocols for asynchronous communication between microservices.
There are two basic messaging patterns that microservices can use to communicate with other microservices. Synchronous communication. In this pattern, a service calls an API that another service exposes, using a protocol such as HTTP or gRPC.
You microservice design is poor. You are modeling (location and items) 1 class = 1 microservice and this is not a good idea.
You shoul modeling microservices like Aggregate Roots in DDD; even with its own bounded context. So, in your case, you should model an Aggregate Root with location, items and user that allows to check domain rules at item addition user action. This could be, i.e., in your Stock Context.
Of course, this doesn't mean that you should not have a Wharehouse Context in wich you can add, modify and/or delete locations and (if no need of depencies to check domain rules) the Aggregate Root is just Location class. But this is other microservice in another context.
This post should help you. It will bring you a big A-HA! in your mind after reading it.
139
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
