How to Secure Your Microservices Architecture With JSON Web Tokens

День тому

JSON Web Tokens (JWTs) encapsulate authorization data in a portable, stateless manner. But what happens when a request arrives at a context boundary such as an API gateway fronting microservices? In this webinar, Dan Moore, head of developer relations at FusionAuth, will discuss how authorization information can cross such boundaries, how JWTs can help you secure your microservices and which signing protocols make sense when. This webinar will cover:
- JWT basics, signing algorithms and how to avoid common issues with JWTs
- Common auth architectures for microservices and context boundaries
- JWT validation (it's not just about the signature!)
- Revoking JWTs
Authentication is core to any application and is commonly extracted to a standalone service. But how can you ensure that users only access data they should in a scalable, resilient and secure manner? This webinar will teach you how to approach authentication and authorization in a microservices architecture with JWTs.

КОМЕНТАРІ: 10

@AndrewMelnychuk0seen Рік тому

This was really informative. Thank you.

@jmau2002 9 місяців тому

Great. Answering many questions

@ofiry Рік тому

Great video! thanks

@abhishekmiet Рік тому

informative video, thanks for sharing!!

@dogukan4283 2 роки тому

Thank you!

@TheGaneshkumawat 7 місяців тому

Gold content!!!

@tayyebshahbaz2673 4 місяці тому

Great Vedio

@JKW3973 6 місяців тому

Assuming any user with a JWT has access to all microservices can't you just validate a JWT within the API Gateway and be done. Then passing the request to the microservices without any further auth.

@libby6636 5 місяців тому

No really. Actually, the privilege authorization happens after the process of authentication. We can encode the access limitation specific logic in this phase, and these two processes mentioned above can be done at the API gateway layer.

@libby6636 5 місяців тому

In addition, the privileges required for a specific action or resource can be synchronized to the API Gateway, we can easily compare the privileges decrypted from the JWT with that from other micro services to implement our own access control logic.