Microservice pattern: Access token #2689

Open
iluwatar opened this issue Oct 15, 2023 · 3 comments


iluwatar commented Oct 15, 2023

Description:
The Access Token design pattern is crucial for managing secure communication between microservices. This pattern involves the use of tokens, typically JWT (JSON Web Tokens), to verify the identity and permissions of a user or service making a request to another service. Implementing this pattern enhances security, scalability, and maintainability of microservices by decoupling authentication logic from individual services.

Main Elements:

  1. Token Issuance: A trusted authority (Authorization Server) issues tokens after authenticating a user or service.
  2. Token Validation: Microservices validate the tokens to ensure the request is authenticated and authorized.
  3. Token Scope and Permissions: Tokens carry claims about the user's identity and permissions, defining what resources and operations the user is allowed to access.
  4. Token Expiry and Refresh: Tokens have a limited lifespan, and mechanisms must be in place to refresh tokens when they expire.
  5. Security Measures: Implementing security measures to protect tokens in transit and at rest, including the use of HTTPS and secure storage.

References:

Acceptance Criteria:

  1. Implement a token issuance mechanism using a trusted Authorization Server.
  2. Ensure microservices can validate the tokens received in incoming requests.
  3. Define token scopes and permissions to control access to different resources and operations.
  4. Implement token expiry and refresh mechanisms to manage token lifecycle.
  5. Ensure all communication involving tokens is secure, using HTTPS and appropriate storage solutions for tokens.

Please ensure adherence to the project contribution guidelines while working on this issue.
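The issuance, validation, scope and expiry elements listed above, as a minimal sketch added here for illustration (not code from this project or from the issue author). It assumes an HS256-signed JWT with a shared secret; the secret, function names and scope strings are constructed for the example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"demo-shared-secret"  # constructed value; real keys belong in a secret store

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, key: bytes) -> str:
    return b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def issue_token(sub, scopes, ttl=300, now=None, key=SECRET):
    """Authorization-server side: sign identity, scopes and a short expiry."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "scope": " ".join(scopes), "iat": now, "exp": now + ttl}
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body, key)}"

def validate_token(token, required_scope, now=None, key=SECRET):
    """Resource-service side: return the claims or raise PermissionError."""
    now = int(time.time() if now is None else now)
    try:
        header_b64, body_b64, sig = token.split(".")
        header = json.loads(unb64url(header_b64))
        claims = json.loads(unb64url(body_b64))
    except ValueError as exc:
        raise PermissionError("malformed token") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise PermissionError("malformed token")
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    expected = sign(f"{header_b64}.{body_b64}", key)
    # Constant-time comparison; claims are trusted only after this passes.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise PermissionError("bad signature")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    if required_scope not in claims.get("scope", "").split():
        raise PermissionError("missing scope")
    return claims
```

An expired token is handled by requesting a fresh one from the issuer; the validating service only ever rejects it.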

@surjendu104
Contributor

I'm interested in this issue.
Would I have to demonstrate how we can perform authentication by access tokens (JWT) with the help of controller, service, and other layers?

@iluwatar
Owner Author

That plan sounds right to me @surjendu104


stale bot commented Dec 21, 2023

This issue has been automatically marked as stale because it has not had recent activity. The issue will be unassigned if no further activity occurs. Thank you for your contributions.

stale bot added the "status: stale" label (issues and pull requests that have not had recent interaction) on Dec 21, 2023
stale bot removed the "status: stale" label on Mar 24, 2024