airavata-courses / SquirtleSquad

A squad as cool as the real Squirtle Squad! Somehow obsessed with designing a weather prediction app to save the world from global warming!!

Security Issue: Authenticate each REST API call using JWT #24

Open ghost opened 4 years ago

ghost commented 4 years ago

I notice that the user-management initially authenticates the user using login and password, but on subsequent requests from the front-end the token is not verified. This will leave your microservices open to attacks as anyone can call the APIs. One way to handle it is, you can pass the JWT token with each request and then the API gateway can verify it calling the micro-services.
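The per-request check this comment proposes, sketched as an added example (not part of the original comment and not SquirtleSquad's code). It assumes HS256 tokens signed with a key shared by user-management and the gateway; `SECRET`, `issue_token` and `verify_request` are hypothetical names, and only the Python standard library is used.

```python
import base64, hashlib, hmac, json, time

# Assumption: one HS256 key shared by user-management (signer) and the gateway.
SECRET = b"constructed-demo-secret"

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(sub: str, ttl: int = 300, now=None) -> str:
    """Hypothetical login step: runs once, after the password check."""
    now = int(time.time()) if now is None else now
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps({"sub": sub, "exp": now + ttl}).encode())
    return f"{head}.{body}.{b64url_encode(sign(head + '.' + body))}"

def verify_request(headers: dict, now=None):
    """Gateway check on every call: claims if valid, None means answer 401."""
    now = int(time.time()) if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    try:
        head, body, sig = auth[len("Bearer "):].split(".")
        # Pin the algorithm; never let the token pick it (rejects alg=none).
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed signature.
        if not hmac.compare_digest(sign(head + "." + body), b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        # Expired or missing exp: the login that issued it no longer counts.
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None
    except (ValueError, TypeError, AttributeError):
        return None
    return claims
```

The gateway forwards a request to a microservice only when `verify_request` returns claims; the microservices themselves should not be reachable except through the gateway, otherwise the check can be bypassed.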

anuragkumar95 commented 4 years ago

Nice idea... would implement later when we would have more time!