iluwatar / java-design-patterns

Design patterns implemented in Java
https://java-design-patterns.com
89.98k stars 26.6k forks

Microservice pattern: Access token #2689

Open iluwatar opened 1 year ago

iluwatar commented 1 year ago

Description: The Access Token design pattern is crucial for managing secure communication between microservices. This pattern involves the use of tokens, typically JWT (JSON Web Tokens), to verify the identity and permissions of a user or service making a request to another service. Implementing this pattern enhances security, scalability, and maintainability of microservices by decoupling authentication logic from individual services.

Main Elements:

  1. Token Issuance: A trusted authority (Authorization Server) issues tokens after authenticating a user or service.
  2. Token Validation: Microservices validate the tokens to ensure the request is authenticated and authorized.
  3. Token Scope and Permissions: Tokens carry claims about the user's identity and permissions, defining what resources and operations the user is allowed to access.
  4. Token Expiry and Refresh: Tokens have a limited lifespan, and mechanisms must be in place to refresh tokens when they expire.
  5. Security Measures: Implementing security measures to protect tokens in transit and at rest, including the use of HTTPS and secure storage.

References:

Acceptance Criteria:

  1. Implement a token issuance mechanism using a trusted Authorization Server.
  2. Ensure microservices can validate the tokens received in incoming requests.
  3. Define token scopes and permissions to control access to different resources and operations.
  4. Implement token expiry and refresh mechanisms to manage token lifecycle.
  5. Ensure all communication involving tokens is secure, using HTTPS and appropriate storage solutions for tokens.

Please ensure adherence to the project contribution guidelines while working on this issue.
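The five elements listed in the issue (issuance by a trusted authority, validation by the receiving service, scope checks, expiry/refresh, and protection of the token itself) can be exercised end to end in a single self-contained class. The following is an added example for this thread, not code from the java-design-patterns repository or from the issue author. It hand-rolls an HS256 JWT with only the JDK (javax.crypto, java.util.Base64, java.util.regex) so it runs without dependencies; the class names AuthorizationServer and ResourceService, the secret key bytes, the claim values (subject "alice", scopes such as "orders:read", "offline_access") and the 300-second lifetime are all made up for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * Access Token pattern, minimal form: an AuthorizationServer issues short-lived
 * HS256 JWTs, a ResourceService validates them before serving a request.
 * Illustrative code written for this issue thread; the key, claims and scopes
 * are constructed for the demo and are not a real deployment's values.
 */
public class AccessTokenDemo {

    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder B64D = Base64.getUrlDecoder();

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** Pulls one claim out of the payload JSON; a real service would use a JSON/JWT library. */
    static String claim(String payload, String regex) {
        Matcher m = Pattern.compile(regex).matcher(payload);
        if (!m.find()) throw new SecurityException("missing claim");
        return m.group(1);
    }

    /** Element 1 and 4: the trusted authority that issues and refreshes tokens. */
    static final class AuthorizationServer {
        private final byte[] key;
        AuthorizationServer(byte[] key) { this.key = key; }

        String issue(String subject, String scope, long ttlSeconds) throws Exception {
            long now = Instant.now().getEpochSecond();
            String header = B64.encodeToString(
                "{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
            String payload = B64.encodeToString(String.format(
                "{\"iss\":\"auth-server\",\"sub\":\"%s\",\"scope\":\"%s\",\"iat\":%d,\"exp\":%d}",
                subject, scope, now, now + ttlSeconds).getBytes(StandardCharsets.UTF_8));
            String signingInput = header + "." + payload;            // header.payload
            return signingInput + "." + B64.encodeToString(hmac(key, signingInput));
        }

        /** Refresh: a still-valid long-lived token with the offline_access scope buys a fresh access token. */
        String refresh(String refreshToken, String scope) throws Exception {
            String subject = new ResourceService(key).authorize(refreshToken, "offline_access");
            return issue(subject, scope, 300);
        }
    }

    /** Element 2 and 3: a microservice that validates signature, expiry and scope. */
    static final class ResourceService {
        private final byte[] key;
        ResourceService(byte[] key) { this.key = key; }

        /** Returns the subject if the token is valid and carries requiredScope; throws otherwise. */
        String authorize(String token, String requiredScope) throws Exception {
            String[] parts = token.split("\\.");
            if (parts.length != 3) throw new SecurityException("malformed token");
            String header = new String(B64D.decode(parts[0]), StandardCharsets.UTF_8);
            // Pin the algorithm server-side; never let the token pick it (blocks alg=none / key confusion).
            if (!header.contains("\"alg\":\"HS256\"")) throw new SecurityException("unexpected alg");
            byte[] expected = hmac(key, parts[0] + "." + parts[1]);
            // Constant-time comparison so a forged signature cannot be guessed byte by byte via timing.
            if (!MessageDigest.isEqual(expected, B64D.decode(parts[2]))) throw new SecurityException("bad signature");
            String payload = new String(B64D.decode(parts[1]), StandardCharsets.UTF_8);
            long exp = Long.parseLong(claim(payload, "\"exp\":(\\d+)"));
            if (Instant.now().getEpochSecond() >= exp) throw new SecurityException("token expired");
            String[] scopes = claim(payload, "\"scope\":\"([^\"]*)\"").split(" ");
            if (!Arrays.asList(scopes).contains(requiredScope)) throw new SecurityException("insufficient scope");
            return claim(payload, "\"sub\":\"([^\"]*)\"");
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "demo-secret-at-least-32-bytes-long!!".getBytes(StandardCharsets.UTF_8); // constructed
        AuthorizationServer auth = new AuthorizationServer(key);
        ResourceService orders = new ResourceService(key);

        String token = auth.issue("alice", "orders:read orders:write", 300);
        System.out.println("granted to: " + orders.authorize(token, "orders:read"));

        String[][] cases = {
            {"wrong scope", token, "admin"},
            {"expired", auth.issue("alice", "orders:read", -1), "orders:read"},
            {"tampered signature", token.substring(0, token.lastIndexOf('.') + 1) + "AAAA", "orders:read"},
        };
        for (String[] c : cases) {
            try { orders.authorize(c[1], c[2]); System.out.println(c[0] + ": unexpectedly accepted"); }
            catch (SecurityException e) { System.out.println(c[0] + ": denied (" + e.getMessage() + ")"); }
        }

        String refreshToken = auth.issue("alice", "offline_access", 86400);
        String fresh = auth.refresh(refreshToken, "orders:read");
        System.out.println("refreshed, granted to: " + orders.authorize(fresh, "orders:read"));
    }
}
```

Two caveats a contributor should carry into a real implementation: with HS256 every service that can validate a token also holds the secret that mints one, so across several microservices an asymmetric algorithm (RS256 or ES256, public keys published via JWKS) keeps issuance confined to the Authorization Server; and the regex claim extraction here exists only to avoid a dependency, so production code should verify with a maintained JWT library and also check the iss and aud claims, not just exp and scope.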

surjendu104 commented 1 year ago

I'm interested in this issue. Would I have to demonstrate how we can perform authentication by Access tokens (JWT) with the help of controller and service and other layers?

iluwatar commented 1 year ago

That plan sounds right to me @surjendu104

stale[bot] commented 10 months ago

This issue has been automatically marked as stale because it has not had recent activity. The issue will be unassigned if no further activity occurs. Thank you for your contributions.