Microservice Authentication strategy

Question

I\'m having a hard time choosing a decent/secure authentication strategy for a microservice architecture. The only SO post I found on the topic is this one: Single Sign-On i

Answer 1

you can use idenitty server 4 for authentication and authorisation purpose

you must use Firewall Architecture hence you have more control over secutiry , robustness ,scalability and ease of use

Answer 2

Based on what I understand, a good way to resolve it is by using the OAuth 2 protocol (you can find a little more information about it on http://oauth.net/2/)

When your user logs into your application they will get a token and with this token they will be able to send to other services to identify them in the request.

Example of Chained Microservice Design

Resources:

• http://presos.dsyer.com/decks/microservice-security.html
• https://github.com/intridea/oauth2
• https://spring.io/guides/tutorials/spring-security-and-angular-js/

Answer 3

Short answer : Use Oauth2.0 kind token based authentication, which can be used in any type of applications like a webapp or mobile app. The sequence of steps involved for a web application would be then to

1. authenticate against ID provider
2. keep the access token in cookie
3. access the pages in webapp
4. call the services

Diagram below depicts the components which would be needed. Such an architecture separating the web and data apis will give a good scalability, resilience and stability