Validating JWT at gateway
https://konghq.com/blog/jwt-kong-gateway
https://www.infoq.com/articles/istio-security-mtls-jwt/
- Quote - "With this configuration, if a client tries to connect to the customer service, their request wouldn't make it to the service unless the JWT authentication succeeds."
https://medium.com/intelligentmachines/istio-jwt-step-by-step-guide-for…
- Quote - "What happens when you have hundreds of micro-services? Every service makes a request to the authentication micro-service for validating the incoming JWT token. In these sort of complicated ecosystem of micro-services, sometime one client request gets served by the combined output of several micro-services. So replying to one single request, might require several JWT validation request.
More importantly, in each of the micro-service, you have to implement the logic for calling the AuthN Service for validating the token and also do all the error handling that comes with it."