Authorization / Authentication

[torniker]

What is the best way to implement Authorization / Authentication for this architecture?

[tinrab]

The best way would be to have a separate service and include its definitions in each service that needs to authenticate requests. In a world of microservices, you could create a service that has a database of users and exposes endpoints for logins and authorizations. Another service can call this service whenever a request needs to be authenticated. But when you only need to verify JWT tokens, you cache certificates in a specific service and save on a couple of roundtrips. Overall, I'm not sure. It's sort of complicated and there are many ways of achieving this.