Great post, separating authentication and authorization is the right approach in microservices. What do you think if I add RBAC with domains/tenants in authentication? Example:
[PUT] /domainA/user/profile
Log in to the authentication service and get a JWT token which contains the identity and the user's roles in domainA
Send the JWT to the domainA service; roles are checked here.
In the example, would domainA service check for the validity of the token?
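
An added example, not part of either comment above, of the flow being discussed: the domainA service validates the token (signature, expiry, audience) before it looks at the tenant-scoped roles. It assumes an HS256 key shared with the authentication service and a `roles` claim keyed by domain; the key, the claim layout, the role names and the `issue` helper are all hypothetical.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: HS256 secret shared with the auth service

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes = KEY) -> str:
    """Stand-in for the authentication service (hypothetical helper)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def authorize(token: str, domain: str, needed_role: str, now=None) -> bool:
    """Run by the domain service on each request: validate first, then check roles."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; the token must not choose it (rejects alg=none).
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return False
        expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return False
        claims = json.loads(b64url_decode(body))
        # The token must be unexpired and issued for this service.
        if claims.get("exp", 0) <= now or claims.get("aud") != domain:
            return False
        # Roles are scoped per domain/tenant: only this domain's list counts.
        return needed_role in claims.get("roles", {}).get(domain, [])
    except (ValueError, TypeError, AttributeError):
        return False  # malformed token or unexpected claim types

# Constructed sample claims for [PUT] /domainA/user/profile
SAMPLE = {"sub": "alice", "aud": "domainA", "exp": 1_700_000_300,
          "roles": {"domainA": ["profile:write"], "domainB": ["admin"]}}

if __name__ == "__main__":
    tok = issue(SAMPLE)
    print(authorize(tok, "domainA", "profile:write", now=1_700_000_000))
```
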