I have a question about using JWT in a webapp: An auth-service provides a JWT which gives me the information whether the user is known or not. Then another service will be called to check the user roles based on the JWT. It appends an API-key and the user roles and will call the real API. Now my question: What is the best auth flow?
- Should the webapp do only one call: Calling the JWT-service which proxies the request to the auth service and this service proxies it to the real backend and all the way back?
- Or should it look like this: Webapp calls JWT-service. The JWT-service returns the JWT to the webapp and then the webapp will call the auth-service in a second request.
Unfortunately the JWT-service cannot check the user roles :(
Are there any advantages/disadvantages or best patterns?
I hope that is not too confusing :D
Best Lukas
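In either flow the security-relevant step is the same: the role-checking service must verify the JWT's signature and expiry before it trusts the `sub` claim, look the roles up server-side, and only then attach the API key, so the webapp never holds the key. The sketch below is an added example, not code from the original post; the HS256 shared secret, the role table and the API key are constructed placeholders.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values: the auth-service and the role-checking service
# share this secret (an asymmetric key pair would work the same way).
AUTH_SERVICE_SECRET = b"constructed-shared-secret"
BACKEND_API_KEY = "constructed-api-key"            # never leaves the role service
ROLE_DB = {"lukas": ["editor"], "alice": ["admin", "editor"]}  # constructed

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(username: str, ttl: int = 300, now=None) -> str:
    """Auth-service: the token only proves the user is known; it carries no roles."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(AUTH_SERVICE_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, now=None) -> dict:
    """Role service: pin the algorithm, check signature and expiry, then return the claims."""
    now = int(time.time()) if now is None else now
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(AUTH_SERVICE_SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def forward_to_backend(token: str, now=None) -> dict:
    """Role service: verify the JWT, look up roles server-side, attach the API key.
    Returns the headers that would be sent to the real API."""
    claims = verify_token(token, now)
    roles = ROLE_DB.get(claims["sub"])
    if roles is None:
        raise PermissionError("user has no roles")
    return {"X-Api-Key": BACKEND_API_KEY, "X-User": claims["sub"], "X-Roles": ",".join(roles)}
```

The roles are read from the server-side table rather than from the token, so a user cannot grant themselves roles by editing claims, and a tampered or expired token is rejected before any backend call is made.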