I don't know if it's the best way because it depends on requirements, constraints and such but I would take a look at using an API Gateway as the auth layer.

The user requests an API, the gateway authenticates the requests, generates a token and opens the gates or blocks the request.

The type of auth flow depends a lot on what you want to accomplish but tools like Kong support different type of authentication methods (from basic auth to jwt to oauth2 to openid to others)

See also How can I add authentication to a microservice/API?

 

Another way might be to use an external authentication service, like Okta or Auth0

Classic DEV Post from Sep 27 '18

Some tips to improve your life

For some time now I've been looking for and researching ways to improve my life...