Open dfaulken opened 7 years ago
@Anbranin and I discussed some of the difficulties here:
The currently proposed token system for engine-router traffic requires manual synchronization of tokens for each service, which isn't so bad — but it would be cumbersome to enact a similar system for every combination of services that need to talk to each other (it's not a coincidence that this is referred to in combinatorics as a handshake problem).
The naïve solution would be that when the router gives services information about each other, it should include the token, and then the router-engine system can be used between services — but then this violates the "don't send keys over the air" principle that is the entire point of the proposed engine-router solution.
I am working on the next part of this, the actual authentication of the tokens
We have API tokens for interacting with the router, but not for inter-service traffic.