What is Microservices ?
Any single module of a complete software or a piece of software which solves some business problems, which can also be deployed independently.
Why build Microservices ?
Why wait for entire application to be build before going live ?
Why not quick to the market ?
Why not identify independent modules and better technology for them and build on the same?
Why scale entire infrastructure when only some business logic needs to be ?
Consider we are building an E-commerce website which contains different modules as Shopping cart module, Campaign management System, product Catalog and many more. We really don’t want to wait for the entire software to be build. And we can make a particular business solutions which is immediately needed in the market. And can scale the service resources which demands, instead of scaling the entire application resources.
How can i route to different Microservices ?
API Gateway – Can proxy using a single entry point to different microservices.
How to communicate between Microservices ?
REST APIs – Each service will have a REST APIs to communicate to and forth between different services.
How about Authentication ?
Do I need authentication on each services ?
How can i handle Access Control List (Authorization) ?
How the sessions (user identity) are been shared ?
We don’t need to authenticate on each services, all we need is a common authservice which will authenticate the user and redirects them to the appropriate service via API gateway
If you are new to OAuth2, please go through the link. There are different flows suggested in OAuth2, In Simple as follows
- The user request for a service through gateway and the request will be redirected to the authservice (OAuth2 server).
- Authservice redirect to authenticate the user (Signing in to authorization server).
- The authservice then validate the user and provide an access token to the provided callback (probably the API gateway callback).
- And the API gateway stores the token and redirect to the requested service.
Problem with OAuth2 flow
Since the access token is only for the auth server and the Microservices knows nothing about the user.
How to solve this ?
One way would be shared session where all the information will be available about the user the other better way would be to use OpenId Connect.
If you are new to OpenId Connect, please visit the following link. OpenId connect uses Oauth2 protocol in addition to that it has identity layer over the protocol, where the authservice provide ID Token along with the Access token. The ID Token contains user details which is JWT (Json Web Token, encrypted using a private key)
- The user request for Shopping cart service, the API gateway validated the user using the stored session.
- Redirects the user to the Auth service, asking to login, and validates the login.
- Response to the API gateway callback function.
- The session will be created for the particular user.
- Redirects user to the shopping cart, and before requesting to Shopping cart service, the gateway will add the user information to the header so the shopping cart service knows the user details, which can be further used for communication between the services.
3,453 total views, 4 views today