Context
I have multiple services like:
I need to connect to my microservices using OAuth 2.0, for a beginning using the standard login/password (I use my own data, and not getting a third-leg server).
Problem
According to these pictures:
Step 1
Step 2
How can I handle access_token control or authorization control in my services other than authmicroservice?
To perform authentication based on entity context, you must receive information about the end-user and propagate it to downstream microservices. A simple way to achieve this is to take an Access Token received at the edge and transfer it to individual microservices.
It describes the interactions between the OAuth client, the resource owner, the authorization server and the resource server. Whoever wants to access a microservice via the API Gateway must get a valid OAuth token first. A system can access a microservice, just by being itself — or on behalf of another user.
OAuth 2 is an authorization framework, a security concept for REST APIs (read as microservices), about how you authorize a user to get access to a resource from your resource server by using a token.
In order to manage authentication in a microservices architecture, you must have a different point of view.
Remember when you worked on a monolith, you had a single authentication process.
As an example, in a PHP app you find your user in a database with its corresponding credentials, then you create a session and the user is "authenticated".
With microservices, the workflow is kinda the same. The only thing that changes now is that you are not able to open a session in different services. Furthermore, you don't need to get the authenticated user. You only need to be sure that he is authorized to perform the current call on your microservices.
Thanks to oauth2, having a valid access_token gives you this information.
This should answer the frontend part. In the backend part (I mean behind the api gateway), you should not manage access_token because it is not relevant to microservices. You can use a functional key to find any information relevant to the user inside microservices like a uuid for example.
In order to get a uuid while using oauth2, I suggest using OpenID Connect too. It is used with this protocol to manage specific user information, and it gives you access to a specific endpoint, "/userinfo".
Hope this schema will make this answer clearer.
It is possible to create a separate Auth service to provide the access_token like you showed in step 1. But in the API Gateway, each service will need to call that auth service to validate the token. It's best to apply the oauth process within the API Gateway, which I'm using as well for my product, and this approach is also explained in many articles. Let's look at the image below.
From a technical perspective, it could simply be a part of code (a function) which handles the request header to verify the token provided as oauth authentication, which might be handled within code or by accessing its own database before it forwards requests to the service's endpoint.
You can follow one method to provide authentication, security and request dispatching to the endpoint, either by a service or by an enhanced API Gateway. There's a question already asked at stackoverflow here, but what I found easy to follow is a series of 3 or 4 tutorials you'll find here.
Get clear picture of your API Gateway usage before you focus on microservices to work on.
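A gateway-side token check of the kind the two answers above describe (the gateway verifies the access_token from the request header and hands microservices only a functional key such as the user's uuid), written here as an added example rather than code from the question or the answers. It assumes an HS256-signed JWT issued by a hypothetical auth service; the signing key, issuer and audience values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"example-shared-secret"   # constructed sample key shared by the auth service and gateway
ISSUER = "https://auth.example"          # hypothetical auth microservice
AUDIENCE = "api-gateway"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(user_uuid, ttl=3600, now=None):
    """Auth service side: issue an HS256 JWT whose 'sub' is the user's uuid."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": user_uuid, "exp": int(now + ttl)}
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token, now=None):
    """Gateway side: return the claims only if signature, issuer, audience and expiry hold."""
    try:
        h, p, s = token.split(".")
        if json.loads(_unb64url(h)).get("alg") != "HS256":   # never trust the token's own alg
            return None
        expected = hmac.new(SIGNING_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(s)):
            return None
        claims = json.loads(_unb64url(p))
        now = time.time() if now is None else now
        if (claims["iss"], claims["aud"]) != (ISSUER, AUDIENCE) or claims["exp"] <= now or "sub" not in claims:
            return None
    except (ValueError, TypeError, KeyError, AttributeError):   # malformed token of any kind
        return None
    return claims

def forward_headers(request_headers, now=None):
    scheme, _, token = request_headers.get("Authorization", "").partition(" ")
    claims = verify_token(token, now) if scheme.lower() == "bearer" and token else None
    if claims is None:
        return None   # gateway rejects the call (401); no microservice is reached
    # Drop the token and any caller-supplied identity header; services trust only the X-User-Id set here.
    downstream = {k: v for k, v in request_headers.items() if k.lower() not in ("authorization", "x-user-id")}
    downstream["X-User-Id"] = claims["sub"]   # the functional key (uuid) used inside the microservices
    return downstream
```

The microservices behind the gateway never see the access_token; they read the uuid from X-User-Id, which only the gateway can set because the original header is stripped.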