Hi Ethan,

Let me put up a very simple use case first. I am working on a simple application for hotel booking which contains at least two different applications:

1. Merchant application to manage hotel rooms and offers.
2. Client facing application to book hotel room.

Now, a given user can be a client or merchant for different hotels. Also, there is a duplication in the authentication and authorisation logic on both the applications because they share the same data.

According to me, the current micro service would be consulted once, i.e. when a user wants to log in; after that the issued token would be enough for the communication with the client from the user application. I thought of verifying the JWT token on every request with the auth service, but I think that is not necessary.

These are the basic assumptions that I made while thinking about the solution; I am fairly new to this kind of thinking. I would really love to hear from you on how you would solve the given use case.

PS: I saw your talk and it's really very informative, I just need to watch it again :)

Thanks,
Vivek

On Sat, 26 May 2018 at 16:27 Ethan Garofolo <[email protected]> wrote:

> I do a lot of writing and speaking on microservices (writing a book for The Pragmatic Bookshelf on the topic). I don't think that authorization and/or authentication are good candidates to be split into services. The reason is that every other portion of your system will need to communicate with them in real time, which breaks the key feature of what makes something a service--autonomy. It introduces temporal coupling and isn't any different than a standard monolith, only now it's distributed, and you have to deal with HTTP calls between components.
>
> I gave a talk once that kind of introduces some of these ideas, and it might be useful to you: https://www.youtube.com/watch?v=h8ihxzfqH0A.
>
> It's a deep topic, and if you watch that talk and want to go over more questions, I'm happy to help more.
>
> On Friday, May 25, 2018 at 5:15:10 PM UTC-6, vivek poddar wrote:
>>
>> Hi,
>>
>> I am writing a micro service which aims to solve the issue of authenticating and authorising users on different client applications.
>>
>> I am new to micro services but it's still in early phase of development. I would like to hear some feedback as well as architectural advice from the community.
>>
>> Thanks,

--
Job board: http://jobs.nodejs.org/
New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/CAA%3Dh5qi44seMAFq-5oE39SBpM2jX92i-YXyezVU_PoxdHE9i8Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
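
What "the issued token would be enough" looks like in practice, as an added example that is not part of the thread: the auth service signs a short-lived token once at login with a private key, and each application verifies it locally with the public key, so no per-request call to the auth service is needed. The EdDSA choice, the claim names (`aud`, `roles`), the audience values and the 900-second lifetime are assumptions for illustration.

```javascript
// Added example: claim names, audiences and TTL are assumptions, not from the thread.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Auth service: called once, at login. Only this side holds the private key.
function issueToken(privateKey, claims, ttlSeconds, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64u(JSON.stringify({ alg: 'EdDSA', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ ...claims, iat, exp: iat + ttlSeconds }));
  const sig = sign(null, Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// Each application: called on every request, needs only the public key.
function verifyToken(token, publicKey, expectedAud, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm: the token must not choose how it gets verified.
  if (header?.alg !== 'EdDSA') return { ok: false, reason: 'bad alg' };
  const signed = Buffer.from(`${h}.${p}`);
  if (!verify(null, signed, publicKey, Buffer.from(s, 'base64url')))
    return { ok: false, reason: 'bad signature' };
  if (typeof claims?.exp !== 'number' || now / 1000 >= claims.exp)
    return { ok: false, reason: 'expired' };
  // A token minted for the client app must not be accepted by the merchant app.
  if (claims.aud !== expectedAud) return { ok: false, reason: 'wrong audience' };
  return { ok: true, claims };
}

// Roles are per hotel: the same user can be merchant for one and client for another.
function hasRole(claims, hotelId, role) {
  return Boolean(claims.roles) && claims.roles[hotelId] === role;
}

// Constructed demo data (throwaway key pair, made-up user and hotels).
const { publicKey, privateKey } = generateKeyPairSync('ed25519');
const token = issueToken(privateKey, { sub: 'user-1', aud: 'merchant-app',
  roles: { 'hotel-a': 'merchant', 'hotel-b': 'client' } }, 900);
const result = verifyToken(token, publicKey, 'merchant-app');
console.log(result.ok, hasRole(result.claims, 'hotel-a', 'merchant'));
```

Because nothing calls back to the auth service, a token stays valid until `exp`; keeping the lifetime short is what bounds the window after a role change or logout.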
