Mesh and JWT

Submitted by code_admin on Tue, 04/20/2021 - 09:57

Validating JWT at gateway

https://konghq.com/blog/jwt-kong-gateway

https://www.infoq.com/articles/istio-security-mtls-jwt/
- Quote - "With this configuration, if a client tries to connect to the customer service, their request wouldn't make it to the service unless the JWT authentication succeeds."

https://medium.com/intelligentmachines/istio-jwt-step-by-step-guide-for…
- Quote - "What happens when you have hundreds of micro-services? Every service makes a request to the authentication micro-service for validating the incoming JWT token. In these sort of complicated ecosystem of micro-services, sometime one client request gets served by the combined output of several micro-services. So replying to one single request, might require several JWT validation request.
More importantly, in each of the micro-service, you have to implement the logic for calling the AuthN Service for validating the token and also do all the error handling that comes with it."

RJM Article Type
Work Notes