
I am designing a service-oriented application where the communication to the database is distributed across multiple services (an authentication service, a service for auditing, another for accessing the DB and doing CRUD operations, etc.).

Say a user logs in to the app using his ID and password; the app then talks to the auth service and finds out whether the information is correct. Once that is done, the user wants to insert some data, and now the app uses another service to fulfil the user's request. How can the other service know that the user is authorized to use the service?

Cœur
Houss_gc

1 Answer

Your use-case seems very similar to what SAML addresses. Also look at OAuth. If these standard mechanisms don't work for you, you can at least develop a mechanism where:

  • The authentication service returns a token on successful login. The caller app should then be able to use this token to access the data service and other services.
  • The data service should be able to independently validate the token (possibly with the authentication service).
  • You might want to ensure that the tokens remain valid only for a certain duration or a certain number of invocations.

What this avoids is the need for every back-end service to allow access to the app without using your login details.

Also see: What is token based authentication?

Jang-Vijay Singh
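One way to build the token mechanism the answer sketches: the authentication service issues a signed token with an expiry, and the data service validates it entirely on its own using only the shared secret, without calling back to the authentication service. This is an added example, not code from the answer or from any library; the shared secret, TTL values and token layout (a minimal HMAC-signed payload rather than a standards-compliant JWT or SAML assertion) are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; in practice both services get it from a secrets manager.
SHARED_SECRET = b"constructed-demo-secret-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(payload_b64: str, secret: bytes) -> str:
    # HMAC-SHA256 over the encoded payload; only holders of the secret can produce it.
    return _b64(hmac.new(secret, payload_b64.encode(), hashlib.sha256).digest())


def issue_token(user_id: str, secret: bytes, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Authentication service: after the password check, mint a signed token with an expiry."""
    issued = int(time.time() if now is None else now)
    payload = {"sub": user_id, "iat": issued, "exp": issued + ttl_seconds}
    payload_b64 = _b64(json.dumps(payload, separators=(",", ":")).encode())
    return f"{payload_b64}.{_sign(payload_b64, secret)}"


def validate_token(token: str, secret: bytes, now: Optional[float] = None) -> Optional[str]:
    """Data service: check the token locally, with no call back to the auth service.
    Returns the user id on success and None on any failure (malformed, forged, expired)."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    payload_b64, sig = parts
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    if not hmac.compare_digest(sig, _sign(payload_b64, secret)):
        return None
    try:
        payload = json.loads(_unb64(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, int) or (time.time() if now is None else now) >= exp:
        return None
    return payload.get("sub")
```

Revocation before expiry (or the "certain number of invocations" limit the answer mentions) needs state that the data service can consult, such as a per-token counter keyed on the token's issue time and subject, which this stateless check deliberately leaves out.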