Saturday 22 October 2016

Using JWT Across Multiple Servers

We have a number of services running on different servers and we want to simplify the process of authenticating with each one of them. The idea being floated around right now is that the client would hit an auth service, use some robust form of auth like LDAP and then rather than using sessions we would issue the client a JWT. The client could then make requests to our services and we could use the JWT to ensure that they are authenticated.

I am not sure if this is feasible or if it makes sense. My thinking was that as a first pass I could create a server which just uses basic auth and then returns a JWT. Then using something like Postman I could test whether or not it is possible to authenticate on another server using the same token (provided that the token secret is the same on both boxes).

The emphasis on JWTs is coming from the fact that eventually our application will need to be integrated with another service that uses JWT.

Any help or guidance would be amazing, even if it's telling me why using JWTs in this way would be impossible or stupid or if there is a more elegant architecture that would solve the problem.
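To make the "same secret on both boxes" idea concrete, here is an added stand-alone example (not from the original post) in which the auth service mints an HS256 JWT and a second, independent service verifies it using only the shared secret; the secret, issuer name and TTL are constructed values for illustration. It also shows the checks the verifying side should enforce: pinned algorithm, constant-time signature comparison, issuer and expiry.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example secret; in practice each box loads this from its own secret store.
SHARED_SECRET = b"example-shared-secret-change-me"
ISSUER = "auth-service"  # assumed name of the issuing service


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(subject: str, secret: bytes, ttl: int = 900, now=None) -> str:
    """Auth service: after LDAP/basic auth succeeds, mint a signed HS256 JWT."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + ttl, "iss": ISSUER}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str, secret: bytes, now=None):
    """Any other service holding the same secret: returns the claims, or None if invalid."""
    now = int(time.time()) if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        payload = json.loads(_b64url_decode(p64))
        sig = _b64url_decode(s64)
    except (ValueError, json.JSONDecodeError):
        return None
    # Pin the algorithm on the verifying side; never let the token's header choose it.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    exp = payload.get("exp")
    if payload.get("iss") != ISSUER or not isinstance(exp, int) or exp <= now:
        return None
    return payload
```

Note that with a shared HMAC secret every server that can verify a token can also mint one, so if the resource servers are less trusted than the auth service, an asymmetric algorithm (private key only on the auth service, public key everywhere else) keeps issuance in one place.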