Thursday 24 May 2018

Server to Server authentication + scaling

Working on building an API gateway and one (probably multiple) of my microservices that it connects to requires authentication (token-based).

Is it feasible to store this token in-memory or is there a better storage mechanism that isn't browser-based? Because the end user client should not have cookies that are passed to the API gateway that are then passed to the data source/microservice... the end user shouldn't be aware of or care where that data is coming from as long as it's returned from their request to the API gateway's endpoint.

What I'm concerned about is clustered environments where each instance of the API gateway application ends up with a (different?) token. Is that... acceptable?

Am I overthinking it because there will be a refresh policy in place for the tokens also that happens seamlessly to the end user, so it would be a similar case of getting a token when there isn't one already or if it's expired.

tl;dr best way to handle authentication/store tokens in a clustered or scaled environment when the node (Express) is the client (server-to-server)?

Submitted May 24, 2018 at 06:37PM by jsdotjs
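
The pattern the post describes (each gateway instance keeps its own token in memory and fetches one when none is cached or the cached one has expired), as an added example that is not part of the original post. `fetchToken`, `send`, the `tok-N` values and the fake clock are hypothetical stand-ins for the auth service and the microservice call.

```javascript
// Added example. fetchToken is a hypothetical async function that calls the auth
// service and resolves to { token, expiresInSec }; now is an injectable clock.
function createTokenCache(fetchToken, { skewMs = 30000, now = Date.now } = {}) {
  let cached = null;   // { token, expiresAt }, held only in this process's memory
  let inflight = null; // shared promise so concurrent requests trigger one fetch

  async function refresh() {
    const { token, expiresInSec } = await fetchToken();
    cached = { token, expiresAt: now() + expiresInSec * 1000 };
    return token;
  }
  function getToken() {
    // Treat the token as expired skewMs early so it cannot lapse in flight.
    if (cached && now() < cached.expiresAt - skewMs) return Promise.resolve(cached.token);
    if (!inflight) inflight = refresh().finally(() => { inflight = null; });
    return inflight;
  }
  function invalidate(token) {
    // Drop only the token that was rejected, not one a concurrent refresh stored.
    if (cached && cached.token === token) cached = null;
  }
  return { getToken, invalidate };
}

// Attach the token to an upstream call; on 401 fetch a new token and retry once.
async function callWithToken(cache, send) {
  let token = await cache.getToken();
  let res = await send(token);
  if (res.status === 401) {
    cache.invalidate(token);
    token = await cache.getToken();
    res = await send(token);
  }
  return res;
}

// Constructed demo: fake auth service (tok-1, tok-2, ... valid 60 s) and fake clock.
async function demo() {
  let issued = 0, clock = 0;
  const fetchToken = async () => ({ token: `tok-${++issued}`, expiresInSec: 60 });
  const cache = createTokenCache(fetchToken, { skewMs: 5000, now: () => clock });
  const burst = await Promise.all([cache.getToken(), cache.getToken(), cache.getToken()]);
  clock = 56000; // inside the 5 s skew window, so tok-1 counts as expired
  const afterExpiry = await cache.getToken();
  // Constructed upstream that has revoked tok-2 and accepts any other token.
  const send = async (t) => ({ status: t === "tok-2" ? 401 : 200, token: t });
  const res = await callWithToken(cache, send);
  return { burst, afterExpiry, status: res.status, used: res.token, issued };
}
```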
