How to do authorization in an authentication microservice?
I am developing an auth service (NodeJS) that handles authentication and authorization.
I have two endpoints:
/auth-token
Client apps can fetch auth tokens (JSON web tokens) via POST. The auth service stores each generated JSON web token in its database.
/authorize
Other services within the SOA will verify auth tokens (from Authorization headers) at this endpoint.
Implementation of /authorize
I am not sure about the logic behind the /authorize
endpoint.
Method I
Authorization
header Method II
/auth-token
endpoint. /authorize
, if the token has not expired, decode the token. Or some other way. Please let me know.
链接地址: http://www.djcxy.com/p/3788.html上一篇: 我该如何禁止浏览器的验证对话框?
下一篇: 如何在身份验证微服务中进行授权?