I'm trying to create multiple APIs for different purposes, I mean a microservice pattern. I have 2 APIs in mind, but in the future the number will increase.
I found that OAuth is recommended for this kind of microservice pattern. But these are my own APIs and maybe I'm overengineering this.
(Image below as an example) I'm thinking of creating my APIs, centralizing the authentication/authorization stuff in another one and just accessing it from my APIs (through CORS policies).
If I'm in SPA 1 and I want to go to SPA 2, I will maybe detect a cookie to ask for the user info, send a verification code to the email and auto-login. (The last part can be fulfilled with a same-domain cookie or maybe 1 SPA fetching data from both APIs.)
I avoid OAuth and API Gateway authorization since I will need to make my own server and it could be expensive...
Is this a good approach?