From the course: Microservices: Security
Unlock the full course today
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Tokens
- [Instructor] Microservices depend heavily upon tokens for establishing identity and enforcing access control. Tokens help overcome the challenges posed by a distributed system. In a microservice architecture, there is not a shared session between all of the services that can hold information about the end user and their privileges. It is also not feasible for an end user to authenticate each time a service is accessed, nor should we pass their credentials around between the services. A token overcomes these challenges, because it allows a client to hold some information that can identify the end user and the access granted to the client. It also avoids the problem of having the client hold the end user's credentials. At a high level, tokens fall under one of two formats, reference or structured. The major difference between these two tokens is where the token's actual metadata is stored. A reference token is an opaque…