2016-07-22 10:17 GMT+02:00 Norbert Hartl <[email protected]>:
>
> A problem JWT can solve:
>
> In our company we have a lot of little REST servers serving some duties.
> To minimize the chaos I want to have a central authentication and
> authorization point. If we assume having 20 images running and we look at
> the typical way how authorization works:
>
> there is image A (Authentication), image S (Service) and client C. Client
> C wants to use the service S
>
> 1. client C authenticates and retrieves authorization information from A
> (or from S which redirects him to A)
> 2. client C hands out the authorization information to S
> 3. S needs to check at A if the information is valid (client C could have
> modified it or generated it)
> 4. S grants C access
>
> Taking the assumption of having 20 service images, every image would need
> to get back to A in order to check authorization information. The more
> service images you have the more load it will put on A. In a JWT use case
> scenario the same would look like
>
> 1. client C authenticates and receives a JWT containing authorization
> information. The token is signed by A
> 2. client C hands out JWT to service S
> 3. S checks the signature of A and knows that the authorization
> information contained is valid.
> 4. S grants C access
>
Thanks for the explanation Norbert. Now I don't need to google about it :)
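The two flows quoted above, worked through as an added example in Python using only the standard library; this is not code from the thread or from any JWT library. It assumes an HS256 token with a constructed shared secret that both A (the issuer) and S (the verifier) hold, claim names `sub`, `roles` and `exp`, and an expiry check that the thread does not mention. The point it shows is step 3 of the JWT flow: S validates A's signature locally and never calls A, and the case the classic flow worries about (client C editing the authorization information) is rejected by that same check.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed shared secret for the example. With HS256 every service image
# that can verify a token can also mint one, so with many service images an
# asymmetric algorithm (RS256/ES256), where S holds only A's public key, fits
# the "20 images" setup better. The verification logic below is the same.
SHARED_SECRET = b"constructed-demo-secret-not-for-production"


def b64url_encode(data: bytes) -> str:
    """JWT uses unpadded URL-safe base64 for all three segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding that b64url_encode stripped, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def json_bytes(obj: dict) -> bytes:
    """Compact, deterministic JSON so the signed bytes are reproducible."""
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


def issue_token(key: bytes, claims: dict) -> str:
    """Step 1 of the JWT flow: A authenticates C and hands back a signed token."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url_encode(json_bytes(header)) + "." + b64url_encode(json_bytes(claims))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_token(key: bytes, token: str, now: int) -> Optional[dict]:
    """Step 3 of the JWT flow: S checks A's signature itself, without calling A.

    Returns the claims when the token is authentic and unexpired, else None.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        presented = b64url_decode(signature_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    # Pin the algorithm on the verifier side: the token must never choose it
    # (this rejects "alg": "none" and algorithm-confusion attempts).
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak signature bytes.
    if not hmac.compare_digest(expected, presented):
        return None
    # Expiry check (assumed here; the thread does not discuss token lifetimes).
    if "exp" in claims and now >= int(claims["exp"]):
        return None
    return claims


def tamper_claims(token: str, new_claims: dict) -> str:
    """The case step 3 of the classic flow guards against: C rewrites the
    authorization information. C keeps A's original signature because it
    does not hold the key, so verify_token will reject the result."""
    header_b64, _, signature_b64 = token.split(".")
    return header_b64 + "." + b64url_encode(json_bytes(new_claims)) + "." + signature_b64


if __name__ == "__main__":
    token = issue_token(SHARED_SECRET, {"sub": "client-C", "roles": ["reader"], "exp": 1000})
    print("valid   :", verify_token(SHARED_SECRET, token, now=500))
    print("expired :", verify_token(SHARED_SECRET, token, now=1000))
    edited = tamper_claims(token, {"sub": "client-C", "roles": ["admin"], "exp": 1000})
    print("tampered:", verify_token(SHARED_SECRET, edited, now=500))
```

`verify_token` is the only thing each service image runs per request, and it needs no network round trip to A; the load A carries is then one token issuance per login rather than one validation call per service request.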
