2

I'm working on a Spring Boot Application which has both REST API and JWT Authentication. But It's over-weighted and I'm planning to detach the Security module to another micro-service.

What are some of the advantages and disadvantages of having this level of separation?

Are there any security concerns that may introduce vulnerabilities in the separated REST API?

01000001
  • 833
  • 3
  • 8
  • 21
Higanbana
  • 489
  • 10
  • 26

1 Answers1

2

You can do authentication on a different service or even use a thirdparty tool or provider e.g. Auth0 or Keycloak. Only the authorization should be in the "business" service.

Weso
  • 408
  • 4
  • 14