OptimalBits / redbird

A modern reverse proxy for node
BSD 2-Clause "Simplified" License

Redbird as a security proxy for validating JWT???? #154

Open simonjcarr opened 6 years ago

simonjcarr commented 6 years ago

Would it be feasible to use Redbird for microservices authorization?

I am thinking that resolvers could be used to get the JWT token from request headers, check it is valid, then check that the username embedded in the token has access to the requested URL and, if both tests pass, allow the request through.

If the token is not valid, it would forward the user to the login page.

Is this a secure and valid way to use Redbird? I don't expect to be processing more than 300 requests per minute.

If this is possible, I could stop worrying about ensuring that every microservice is using the latest security plugin script and allow redbird to centralise the validation of Authorisation down to route level.
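The check described in the post above, as an added example that is not part of the original thread and is not Redbird code: it verifies an HS256 JWT from the `Authorization` header, then checks the `sub` claim against a per-route allow list. The shared secret, the route table and the names `sign`, `verify` and `authorize` are assumptions made for illustration; wiring the decision into a Redbird resolver is not shown.

```javascript
const crypto = require("crypto");

// Constructed sample values: secret, users and upstream targets are assumptions.
const SECRET = "demo-secret-not-for-production";
const ROUTES = [
  { prefix: "/billing/", target: "http://127.0.0.1:8001", users: ["alice"] },
  { prefix: "/orders/", target: "http://127.0.0.1:8002", users: ["alice", "bob"] },
];

const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Mints HS256 tokens for the sample requests only; the login service would do this.
function sign(payload, secret = SECRET, header = { alg: "HS256", typ: "JWT" }) {
  const input = `${enc(header)}.${enc(payload)}`;
  return `${input}.${hmac(input, secret).toString("base64url")}`;
}

// Returns the claims when signature, algorithm and expiry all check out, else null.
function verify(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    if (dec(parts[0]).alg !== "HS256") return null; // pin the algorithm, reject "none"
    const expected = hmac(`${parts[0]}.${parts[1]}`, SECRET);
    const given = Buffer.from(parts[2], "base64url");
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const claims = dec(parts[1]);
    return typeof claims.exp === "number" && claims.exp > now ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Decision for one request: proxy to the route target, send to login, or deny.
function authorize(url, headers, now) {
  let path; // resolve dot segments so "/orders/../billing/" is checked as "/billing/"
  try { path = new URL(url, "http://proxy.invalid").pathname; } catch { return { action: "deny" }; }
  const route = ROUTES.find((r) => path.startsWith(r.prefix));
  if (!route) return { action: "deny" }; // unknown routes are closed by default
  const match = /^Bearer (\S+)$/.exec(headers.authorization || "");
  const claims = match && verify(match[1], now);
  if (!claims) return { action: "login" };
  return route.users.includes(claims.sub)
    ? { action: "proxy", target: route.target }
    : { action: "deny" };
}
```

The path that is authorized should be the same normalized path that is forwarded upstream, otherwise the proxy and the microservice can disagree about which route was requested.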

XVincentX commented 6 years ago

Hey! I just arrived in this discussion by chance. I know I might be a little bit out of scope but — maybe you want to employ an API Gateway for that — such as Express Gateway?