每个微服务都必须实现身份验证和授权,还是最好集中处理?

huangapple go评论68阅读模式
英文:

Each microservice has to implement authentication and authorization or it's better one centerized to deal with it?

问题

这个问题不是关于如何保护微服务(如何使用Oauth2或JWT),而是关于如何更好地处理它的策略。

我们应该选择什么?如果有其他建议,欢迎提出!

  1. 将身份验证和授权服务(AuthService)与微服务隔离开来:
    微服务在处理请求之前必须调用AuthService(类似于中间件)。
  2. 微服务必须自行进行身份验证和授权。
  3. AuthService始终接收调用并将其传递给微服务(类似于网关)。
  4. 实现一个用于前端的后端(BFF),并自行进行身份验证和调用其他微服务。

最后一个选项,有些朋友提到过,但是...如果你需要扩展1或2个微服务,那么你也必须垂直扩展BFF。这对我来说有点奇怪。

英文:

This question is not about what use to securing the microservices like Oauth2 or JWT, but what is better strategy for deal it with it.

What should we choose? Please, if has another tip will be welcome!

  1. An authentication and authorization service (AuthService) isolated out of microservices:
    Microservice must call AuthService before process the request. (like a Middleware)
  2. Microservice has to do its own authentication and authorization.
  3. The AuthService always recieves the calls and do the transference for microservice (like a Gateway)
  4. Implement a Backend For Frontend (BFF) and itself do it auth and calls for the others microservices.

This last one, some friend have talked about to me buuut... On case that you have to scaling 1 or 2 microservices, you have to scaling vertically the BFF too. That's a weird to me.

答案1

得分: 1

通常,身份验证和授权是在微服务级别进行的。但身份验证服务/数据库应该位于微服务外部,并且内部,以启用缓存以减少对身份验证服务的调用并减少API延迟。

英文:

Normally authentication and authorization is at microservice level. But authentication service/database should be outside and internal to microservice, enable cache to minimise calls to Auth service and to minimise API latency.

huangapple
  • 本文由 发表于 2020年8月11日 03:14:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/63346611.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定