This is the 24th day of my participation in the November Gwen Challenge. Check out the event details: The last Gwen Challenge 2021

Antecedents to review

We’ve talked about how Gateway uses global filters to do permission authentication token processing, but we haven’t talked about how to integrate permission authentication component functionality.

Today we talked about how to achieve unified permission authentication function, please continue to read.

Authorization in microservices

There are several common solutions for permission authentication in microservices, such as JWT (Json Web Token), distributed Session, OAuth2 Token and so on.

JWT: JSON WEB TOKEN is an open standard based on JSON. The generation of the Token generally contains the user’s basic information, role information and so on. The information is encrypted by key, and then the Token is used for login authentication and information transmission.

Distributed Session: In the authentication of single services, Session Session was used for login authentication in the early stage. Distributed Session, combining the original characteristics of Session, solves the consistency problem with cookie and Redis cache, which is relatively complicated.

OAuth2 Token: The core of OAuth2 Token is to issue a Token for third-party applications and provide the function of granting authentication permissions. There are four ways to obtain authentication tokens, including authorization code, hidden type, password type and client certificate to support developers to use them.

Why JWT

JWT is chosen, of course, because it is easy to integrate and can encrypt the basic information of users into tokens, which can also be obtained in the front end.

JWT was used at the beginning of the project, and overall it was very sweet.

conclusion

Today we talked about why JWT was chosen to do the authentication logic. The next step is to integrate JWT to implement the unified authentication function. Stay tuned. You can pay attention to the column if you like.