How to do authorization in an authentication microservice?

I am developing an auth service (NodeJS) that handles authentication and authorization.

I have two endpoints:

/auth-token

Client apps can fetch auth tokens (JSON web tokens) via POST. The auth service stores each generated JSON web token in its database.

/authorize

Other services within the SOA will verify auth tokens (from Authorization headers) at this endpoint.

Implementation of /authorize

I am not sure about the logic behind the /authorize endpoint.

Method I

Get auth token from Authorization header

Do a DB lookup of the token and see if it exists and not expired

Method II

Have a user database within the auth service and store all user info coming to /auth-token endpoint.

During authorization via /authorize , if the token has not expired, decode the token.

Get the user info and do a DB lookup to see if they exist in the user db.

Or some other way. Please let me know.

链接地址: http://www.djcxy.com/p/3788.html

上一篇: 我该如何禁止浏览器的验证对话框？

下一篇: 如何在身份验证微服务中进行授权？