1

I built 3 microservices using Spring Boot:

1) Auth service - creates JWT.

2 and 3 - microservices (REST API) that do something.

Theoretically the user can access microservices 2 and 3 without the token created by microservice 1.

Lets say I'm passing the token to microservices 2 and 3 - How can I verify the token's integrity? Is microservices 2 and 3 needs to communicate with microservice 1?

If someone has a good example it will be great.

Avi Elgal
  • 149
  • 1
  • 3
  • 9
  • you will need to have the following scenario a user wants to access to 2 and 3 then from 2 and 3 needs to communicate against auth, to check JWT token then if it is OK, continue on 2 and 3. that is. – Jonathan JOhx Jul 13 '19 at 14:59
  • A typical pattern which might be used here is the gateway/facade pattern. All incoming requests for any microservice would first hit the gateway API, which would then check the JWT to see if it still be valid. If not, then the request would be immediately rejected. Otherwise, the request would be allowed to continue to the microservice. – Tim Biegeleisen Jul 13 '19 at 15:13
  • Hello Avi, have a look at my answer, I have also given a working example – Romil Patel Jul 14 '19 at 06:21

0 Answers0