Microservice for solving authentication and authorisation problems


vivek poddar

May 25, 2018, 7:15:10 PM
to nodejs
Hi,

I am writing a micro service which aims to solve the issue of authenticating
and authorising users on different client applications.

I am new to micro services, but it's still in an early phase of development. I would
like to hear some feedback as well as architectural advice from the community.

Thanks,

Ethan Garofolo

May 26, 2018, 11:27:16 AM
to nodejs
I do a lot of writing and speaking on microservices (writing a book for The Pragmatic Bookshelf on the topic).  I don't think that authorization and/or authentication are good candidates to be split into services.  The reason is that every other portion of your system will need to communicate with them in real time, which breaks the key feature of what makes something a service--autonomy.  It introduces temporal coupling and isn't any different than a standard monolith, only now it's distributed, and you have to deal with HTTP calls between components.

I gave a talk once that kind of introduces some of these ideas, and it might be useful to you: https://www.youtube.com/watch?v=h8ihxzfqH0A.

It's a deep topic, and if you watch that talk and want to go over more questions, I'm happy to help more.

vivek poddar

May 27, 2018, 4:10:01 PM
to nod...@googlegroups.com
Hi Ethan,

Let me put up a very simple use case first.
I am working on a simple application for hotel booking which contains at least two
different applications:

1. Merchant application to manage hotel rooms and offers.
2. Client-facing application to book a hotel room.

Now, a given user can be a client or merchant for different hotels. Also, there is
duplication in the authentication and authorisation logic in both applications
because they share the same data.

According to me, the current micro service would be consulted once, i.e.
when a user wants to log in; after that, the issued token would be enough
for the communication with the client from the user application. I thought of
verifying the JWT token on every request with the auth service, but I think that
is not necessary.

These are the basic assumptions that I made while thinking about the solution; I am fairly new to this kind of thinking.

I would really love to hear from you on how you would solve the given
use case.

PS: I saw your talk and it's really very informative, I just need to watch it again :)

Thanks,
Vivek
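
The arrangement described in the message above (auth service consulted once at login, each application checking the token itself afterwards), as an added example that is not part of the original thread. The key pair, the `merchant-app` / `booking-app` audience names, the `roles` claim and the 15-minute lifetime are assumptions made for illustration.

```javascript
const { generateKeyPairSync, sign, verify } = require('crypto');

// Constructed key pair: the auth service keeps privateKey, each application gets only publicKey.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (value) => Buffer.from(value).toString('base64url');

// Auth service, called once at login: issue a short-lived RS256 token for ONE application.
function issueToken(userId, audience, roles, ttlSeconds = 900) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, aud: audience, roles, iat: now, exp: now + ttlSeconds }));
  const signature = sign('sha256', Buffer.from(`${header}.${payload}`), privateKey).toString('base64url');
  return `${header}.${payload}.${signature}`;
}

// Merchant or booking application, on every request: verify locally, no call to the auth service.
// Returns the claims on success, null on any failure.
function verifyToken(token, expectedAudience, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null; // header or payload is not valid JSON
  }
  // Pin the algorithm instead of trusting the token's header (rejects "none" and HS256 confusion).
  if (!head || head.alg !== 'RS256') return null;
  const signed = Buffer.from(`${header}.${payload}`);
  if (!verify('sha256', signed, publicKey, Buffer.from(signature, 'base64url'))) return null;
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now) return null; // expired
  if (claims.aud !== expectedAudience) return null; // issued for the other application
  return claims;
}
```

Because nothing is checked with the auth service after login, a disabled account or a changed role only takes effect when the token expires, so the token lifetime bounds that window.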
