re: Be careful of the JWT hype train VIEW POST

re: I think a big part of JWT should be some type of API Gateway. In an example case (microservices) we take an API key from the client and the API G...

API Gateway? Sounds more like an auth server.
"The JWT can also be passed to subsequent services if needed on behalf of the parent service.", that's a risk not a feature.


i havent dealt with this situation before
but what the auth api gateway .. will hand to the services ? the user id right ? will that be on the header ?
thank you

code of conduct - report abuse