It's time to see how to enable security in
the microservice world. In this session we will
see why security is critical and how JWT
works along with OAuth to apply security
to microservices. Like other sessions, I
am not going to do coding in this session.
Rather, we look at it only from a concept perspective.

Security is critical because the services
we develop within the organization shouldn't
be accessible to the public. So every request
should be authenticated first, to see whether
the user is using the right user name and
password, and then authorized, to check
whether the user has access to the resources.
There are different ways to do it.

The old way of doing this is by using the
session ID.
Here, when the client logs in for the first time,
the client is authenticated and then
given a session ID, which is stored
in a cookie on the client side and in a file
or in a database on the server side.
When the client tries to access a resource,
the server reads the session ID from
the cookie and validates it against the session ID
stored on the server.
One of the problems here is maintaining the session
ID on the server side when we need to scale
the application horizontally.
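
The scaling problem described above, as an added example that is not part of the original session: the same session cookie is sent to two application instances, first with private in-memory session stores and then with one shared store. The class, function and user names are assumptions made up for the illustration.

```python
import secrets

# Constructed demo credentials; plaintext only to keep the example short.
USERS = {"alice": "correct horse"}


class AppInstance:
    """One server process; `store` maps session ID -> user name."""

    def __init__(self, name, store=None):
        self.name = name
        # Default: a private in-memory store, visible only to this instance.
        self.store = {} if store is None else store

    def login(self, user, password):
        """Authenticate, then issue a random session ID (the cookie value)."""
        expected = USERS.get(user)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        sid = secrets.token_urlsafe(32)
        self.store[sid] = user
        return sid

    def get_resource(self, cookie_sid):
        """Validate the cookie's session ID against the server-side copy."""
        user = self.store.get(cookie_sid)
        if user is None:
            return 401, "unknown session"
        return 200, f"hello {user} from {self.name}"


def run(instances):
    """Log in on the first instance, then send the same cookie to all of them."""
    sid = instances[0].login("alice", "correct horse")
    return [inst.get_resource(sid)[0] for inst in instances]


def local_stores():
    # Each instance keeps its own session table.
    return run([AppInstance("app-1"), AppInstance("app-2")])


def shared_store():
    # Both instances use one store (stands in for a shared database).
    shared = {}
    return run([AppInstance("app-1", shared), AppInstance("app-2", shared)])


if __name__ == "__main__":
    print("local stores:", local_stores())
    print("shared store:", shared_store())
```

With private stores, the instance that did not handle the login rejects a valid cookie; the shared store fixes that at the cost of a lookup on every request.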

These days, since most applications
demand horizontal scalability because of
high request volume, we need an optimized way
to handle requests from clients.
That is why OAuth-based authentication and authorization
is very popular these days. In OAuth we use
a JWT instead of a session ID.
Before covering the OAuth mechanism,
we need to know the fundamentals of JWT. I
will go through the fundamentals of JWT in the
next session.
