DEV Community

loading...

Discussion on: Authentication & Authorization in Microservices Architecture - Part I

Collapse
honatas profile image
Jonatas de Moraes Junior

Nice. Separating authentication from authorization is a big step. However, using JWT may not be the best approach, and I can see you already started feeling the pain given the rather big pitfalls section of your article.

I hereby invite you to take a look at this article where I describe the huge bunch of problems you will face while using JWT, and propose a more straightforward solution:

dev.to/honatas/a-different-approac...

I'm open for discussion. =)

Collapse
tzachis profile image
Tzachi Strugo Author

Hi Johatas,
Thank you for reading and sharing your thoughts. Understanding the separation of concern is critical to solving the problem of Authentication & Authorization solutions.

Indeed, stateless authentication(JWT in our case) suffers from several downsides that need to be aware of. There are pros and cons for both stateless & stateful concepts. For some use cases, the stateless approach isn't the best one.

With your permission, I would like to hold this discussion until I will publish part II :-)

Collapse
mnf profile image
Michael Freidgeim

What will be in part II and when it will be published?

Forem Open with the Forem app