BP
Uploaded byBrian Pontarelli
545 views

Auth as a microservice

The document discusses the implementation of authentication as a microservice using JSON Web Tokens (JWT), detailing how user sessions and roles are managed. It covers backend API interactions for user login and todo management, including database schema and potential issues related to stateful session management. Additionally, it highlights the benefits of using JWT for authentication, such as reduced dependency on user APIs and improved scalability.

Embed presentation

Downloaded 21 times
Auth as a Microservice How I learned to stop worrying and love JWT
In the Beginning
Backend
Backend users user_roles roles todos
CREATE TABLE todos ( id INT NOT NULL, text TEXT NOT NULL, user_id INT NOT NULL, PRIMARY KEY (id), CONSTRAINT todos_fk_1 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE );
Backend GET /login HTML
Backend POST /login 302 + Session ID Session user 42 users
Backend GET /todos + Session ID HTML Session user 42 todos
SELECT * FROM todos WHERE user_id = 42;
What about everything else? ● Works on SPAs and Mobile ● Session ID is the user identifier ● Generally hard to steal or forge ● Uses simple HTTP cookies
The Pain ● Stateful ● Potentially requires session replication ● Session pinning ● Harder to scale since every instance runs everything ● One big database
User API Todo API
User API Todo API users todos
User API users user_roles roles
Todo API todos
CREATE TABLE todos ( id INT NOT NULL, text TEXT NOT NULL, user_id INT NOT NULL, PRIMARY KEY (id) );
User API POST /login ???
User API POST /login ??? user 42 users
User API POST /login User as JSON user 42 users
{ "user": { "id": 42, "name": "Brian Pontarelli", "email": "brian@inversoft.com", "roles": ["admin"] } }
user 42 Todo API GET /todos?user_id=42 JSON todos
Danger Will Robinson!
user 1 Todo API GET /todos?user_id=1 JSON todos
X Get milk
Haha - His wife is gonna be pissed
Haha - Her husband is gonna be pissed
User API Todo API users todos user user T T T
User API Todo API users todos user user T T T GET /token/T User as JSON
Tokens ● There must be a User -> Token mapping ● In memory or in database ● Makes the User API slightly stateful ● Can be very chatty ● Couples the User API to EVERYTHING (almost)
User API Todo API users todos user user J W T J W T J W T
JWT ● JSON Web Tokens ● Signed with a public/private key pair ● Can be validated by Todo API without calling User API ● Contains roles
JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0 ODUxNDA5ODQsImlhdCI6MTQ4NTEzNzM4NCwiaXNzIjoiYWNtZ S5jb20iLCJzdWIiOiIyOWFjMGMxOC0wYjRhLTQyY2YtODJmYy 0wM2Q1NzAzMThhMWQiLCJhcHBsaWNhdGlvbklkIjoiNzkxMDM 3MzQtOTdhYi00ZDFhLWFmMzctZTAwNmQwNWQyOTUyIiwicm9s ZXMiOltdfQ.Mp0Pcwsz5VECK11Kf2ZZNF_SMKu5CgBeLN9ZOP 04kZo
JWT Header { "typ": "JWT", "alg": "RS256" }
JWT Body { "iss": "inversoft.io", "exp": 1300819380, "sub": "19016b73-3ffa-4b26-80d8-aa9287738677", "name": "Brian Pontarelli", "roles": ["RETRIEVE_TODOS"] }
select * from todos where user_id = ‘19016b73-3ffa-4b26-80d8-aa9287738677’;
Code!
Deleting Users?
delete from users where user_id = 42;
Oops! No ON DELETE CASCADE
User API Todo API users todos DELETE DELETE DELETE DELETE
User API Todo API users todos DELETE DELETE Event Webhook DELETE
Code!

More Related Content

PDF
Javascript
byApradiz Newcyber
 
PPTX
Microservices Done Right: Key Ingredients for Microservices Success
byApigee | Google Cloud
 
PPTX
Adapt or Die: A Microservices Story at Google
byApigee | Google Cloud
 
PDF
Stateless authentication for microservices
byAlvaro Sanchez-Mariscal
 
PDF
REST vs. Messaging For Microservices
byEberhard Wolff
 
PPTX
Método gramática-traducción
byBUAP
 
PDF
Docker con osdk_ver1.0
byShunjiro Yatsuzuka
 
PDF
Swarm sec
bysnrism
 
Javascript
byApradiz Newcyber
 
Microservices Done Right: Key Ingredients for Microservices Success
byApigee | Google Cloud
 
Adapt or Die: A Microservices Story at Google
byApigee | Google Cloud
 
Stateless authentication for microservices
byAlvaro Sanchez-Mariscal
 
REST vs. Messaging For Microservices
byEberhard Wolff
 
Método gramática-traducción
byBUAP
 
Docker con osdk_ver1.0
byShunjiro Yatsuzuka
 
Swarm sec
bysnrism
 

Viewers also liked

PDF
Micro, Nano, Mono? Microservices verständlich erklärt
byIKS Gesellschaft für Informations- und Kommunikationssysteme mbH
 
PDF
Trabalhar ao domingo
byDo outro lado da barricada
 
PPTX
Ryan Joyce Final Capstone UA Presentation
byRyan Joyce
 
PPTX
Aura Holistic PowerShots
byVictori Lin
 
DOCX
Sistemas operativos juáreazesquivel (1)
byemmanuel juárez_esquivel
 
PDF
Ideas Into Action - The Non-Profit Edition (ICE 2016)
byFrank Ong
 
PPSX
intercambiador de autobuses plaza de madrid
bynatalia-2088
 
PDF
7 Education
byMartina Baca
 
PPTX
Innovación y desarrollo tecnologico 3°1 tv
bySugey Corchado
 
PDF
Microservice Builder: A Microservice DevOps Pipeline for Rapid Delivery and P...
byDavid Currie
 
PDF
Metrics driven dev ops 2017
byJerry Tan
 
PDF
Haciendo Universidad No. 55
byUniversidad Católica Santa María la Antigua
 
PPT
Corrente alternada
byPalloma Cidrim
 
PDF
Protocol buffers and Microservices
byVladimir Dejanovic
 
PDF
CloudConf2017 - Deploy, Scale & Coordinate a microservice oriented application
byCorley S.r.l.
 
PDF
muCon 2016: Authentication in Microservice Systems By David Borsos
byOpenCredo
 
PPTX
Beauvoir School Inclusion in the Early Years
byRosetta Eun Ryong Lee
 
PPTX
NPS Inclusion Through a Developmental Lens
byRosetta Eun Ryong Lee
 
PPTX
Capitães da Areia
by_EsterLopesBR
 
Micro, Nano, Mono? Microservices verständlich erklärt
byIKS Gesellschaft für Informations- und Kommunikationssysteme mbH
 
Trabalhar ao domingo
byDo outro lado da barricada
 
Ryan Joyce Final Capstone UA Presentation
byRyan Joyce
 
Aura Holistic PowerShots
byVictori Lin
 
Sistemas operativos juáreazesquivel (1)
byemmanuel juárez_esquivel
 
Ideas Into Action - The Non-Profit Edition (ICE 2016)
byFrank Ong
 
intercambiador de autobuses plaza de madrid
bynatalia-2088
 
7 Education
byMartina Baca
 
Innovación y desarrollo tecnologico 3°1 tv
bySugey Corchado
 
Microservice Builder: A Microservice DevOps Pipeline for Rapid Delivery and P...
byDavid Currie
 
Metrics driven dev ops 2017
byJerry Tan
 
Haciendo Universidad No. 55
byUniversidad Católica Santa María la Antigua
 
Corrente alternada
byPalloma Cidrim
 
Protocol buffers and Microservices
byVladimir Dejanovic
 
CloudConf2017 - Deploy, Scale & Coordinate a microservice oriented application
byCorley S.r.l.
 
muCon 2016: Authentication in Microservice Systems By David Borsos
byOpenCredo
 
Beauvoir School Inclusion in the Early Years
byRosetta Eun Ryong Lee
 
NPS Inclusion Through a Developmental Lens
byRosetta Eun Ryong Lee
 
Capitães da Areia
by_EsterLopesBR
 

Similar to Auth as a microservice

PDF
Authentication in microservice systems
byDavid Borsos
 
PDF
Json web token api authorization
byGiulio De Donato
 
PPTX
Complete Guide to Setup Secure Scheme for Restful APIs
byXing (Xingheng) Wang
 
PDF
JWTs - What PHP developers need to know - LonghornPHP.pdf
byDan Moore
 
PPTX
Micro Web Service - Slim and JWT
byTuyen Vuong
 
PDF
Talk Microservices to Me: The Role of IAM in Microservice Architecture
byWSO2
 
PDF
What are JSON Web Tokens and Why Should I Care?
byDerek Edwards
 
PPTX
Microservices Manchester: Authentication in Microservice Systems by David Borsos
byOpenCredo
 
PPTX
Angular auth with JWT
byMVP Microsoft
 
PDF
Securing Web Applications with Token Authentication
byStormpath
 
PPTX
Pentesting jwt
byJaya Kumar Kondapalli
 
PDF
JWT stands for JSON Web Token. It's a compact, URL-safe means of representing...
byVarun Mithran
 
PDF
Autenticação com Json Web Token (JWT)
byIvan Rosolen
 
PDF
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
byiMasters
 
PDF
Microservices Security Landscape
byPrabath Siriwardena
 
PDF
JSON Web Tokens
byIvan Rosolen
 
PDF
Protecting Java Microservices: Best Practices and Strategies
byRodrigo Cândido da Silva
 
PPTX
Building Secure User Interfaces With JWTs (JSON Web Tokens)
byStormpath
 
PDF
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
byapidays
 
PPTX
Microservices Security Landscape
byPrabath Siriwardena
 
Authentication in microservice systems
byDavid Borsos
 
Json web token api authorization
byGiulio De Donato
 
Complete Guide to Setup Secure Scheme for Restful APIs
byXing (Xingheng) Wang
 
JWTs - What PHP developers need to know - LonghornPHP.pdf
byDan Moore
 
Micro Web Service - Slim and JWT
byTuyen Vuong
 
Talk Microservices to Me: The Role of IAM in Microservice Architecture
byWSO2
 
What are JSON Web Tokens and Why Should I Care?
byDerek Edwards
 
Microservices Manchester: Authentication in Microservice Systems by David Borsos
byOpenCredo
 
Angular auth with JWT
byMVP Microsoft
 
Securing Web Applications with Token Authentication
byStormpath
 
Pentesting jwt
byJaya Kumar Kondapalli
 
JWT stands for JSON Web Token. It's a compact, URL-safe means of representing...
byVarun Mithran
 
Autenticação com Json Web Token (JWT)
byIvan Rosolen
 
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
byiMasters
 
Microservices Security Landscape
byPrabath Siriwardena
 
JSON Web Tokens
byIvan Rosolen
 
Protecting Java Microservices: Best Practices and Strategies
byRodrigo Cândido da Silva
 
Building Secure User Interfaces With JWTs (JSON Web Tokens)
byStormpath
 
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
byapidays
 
Microservices Security Landscape
byPrabath Siriwardena
 

Recently uploaded

PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
The year in review - MarvelClient in 2025
bypanagenda
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
The Landscape of Computer Software Development Companies
byYash Singh
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 

Auth as a microservice