On Thursday, January 25, 2018 at 8:33:40 AM UTC-5, [email protected] wrote: > > > (2) would using a session cookie + some authorization middleware (such > as casbin) make sense for our situation? what are its pro's and con's? > > This is what I'm familiar with. The main con is having to check the > authorization in every request. Writing your own isn't complex. >
In a pure micro-services architecture, you have to check every request in every micro-service, its the nature of the beast. Of course, you pass around a local token that expires in a 'short' time. Wiring your own that mostly works is trivial. Getting all the tiny details is very pedantic, and its easy to get wrong. Which is why its critical to ask how serious you are about value and potential attackers -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
