
Django Microservices authentication

I was reading about microservices in Django, and came to know that in microservices we keep small services separately and they can operate individually. If I am not wrong about this concept, how will I validate using a JWT token from a user from one database to use that in the 2nd microservice?

ephemeral asked Oct 28 '25 08:10


1 Answer

In the typical JWT concept you have an auth server (AC) and multiple resource servers (your domain µservices), and the flow looks like:

  • client (aka clientA, a frontend for example) sends a request to AC for a JWT token (for example POST to /authenticate with username and password)
  • when clientA has been authenticated, AC returns a JWT token
  • clientA sends a request to some resource on your µservice (aka µserviceA) with the JWT token in a header ("Authorization: Bearer ...")
  • µserviceA sends a request to AC to confirm that the token is valid; if so, µserviceA can accept the request from your client and handle it

Your clientA may also be another µservice. Your µserviceA knows the user's roles from the JWT token (after decoding) and can simply block the request when the roles are not appropriate.

tokuch answered Oct 31 '25 03:10
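The flow described in the answer above, as an added example that is not part of the original answer: an auth server issues and confirms tokens, and µserviceA rejects requests whose token is missing, altered, expired, or lacks the required role. `AuthServer`, `handle_request`, the shared HS256 key and the `introspect` callable (an HTTP call to the AC in a real deployment) are hypothetical names and assumptions, and the standard-library HS256 code stands in for a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class AuthServer:
    """Stands in for the AC (assumed design): issues tokens, confirms them on request."""
    def __init__(self, key: bytes):
        self._key = key  # known only to the AC, never to the µservices

    def _sign(self, signing_input: str) -> str:
        mac = hmac.new(self._key, signing_input.encode(), hashlib.sha256)
        return b64e(mac.digest())

    def issue(self, user: str, roles: list, ttl: int = 300, now=None) -> str:
        now = int(time.time() if now is None else now)
        header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = {"sub": user, "roles": roles, "exp": now + ttl}
        body = b64e(json.dumps(claims).encode())
        return f"{header}.{body}.{self._sign(header + '.' + body)}"

    def introspect(self, token: str, now=None):
        """Return the claims if the token is valid, otherwise None."""
        try:
            header, body, sig = token.split(".")
            # Pin the algorithm: never let the token choose how it is verified.
            if json.loads(b64d(header)).get("alg") != "HS256":
                return None
            # Constant-time comparison of the presented and expected signature.
            if not hmac.compare_digest(sig, self._sign(header + "." + body)):
                return None
            claims = json.loads(b64d(body))
            now = time.time() if now is None else now
            return claims if claims["exp"] > now else None
        except (ValueError, TypeError, KeyError, AttributeError):
            return None  # malformed token: treat as invalid, do not raise

def handle_request(headers: dict, required_role: str, introspect) -> int:
    """µserviceA: map a request carrying a bearer token to an HTTP status."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401
    claims = introspect(token)  # the "ask the AC" step from the flow above
    if claims is None:
        return 401  # not confirmed by the AC
    # Roles are read only from claims the AC has confirmed.
    return 200 if required_role in claims.get("roles", []) else 403
```

Because µserviceA reads roles only from the claims the AC returns, editing the token's payload to add a role fails the signature check and yields 401 rather than elevated access.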


