code first (authorization requirements declared in code on web-methods, controllers and integration messages)
centralized administration point (a single admin client for managing grants)
embedded decision point (each service decides locally; be aware that horizontally scaled logical services may run different api versions, so their declared resource sets can differ)
Context:
http user = user identity
http resource = web-method + controller + verb
Mq user = user header
Mq resource = integration message
possible implementations:
authorization call to the auth endpoint on each incoming request or message - intensive and excessive work (one extra round-trip per request, and the auth endpoint becomes a hard dependency on every call path)
pull/push model + local cache - waste of storage and synchronization issues due to horizontal scaling (every instance holds its own copy of the grants, and a revoked grant stays effective on a stale instance until the next sync)
authorization call to the auth endpoint at the authentication phase, filling the jwt-token with the granted permissions - the most balanced approach: it removes the redundant calls but adds extra payload to http and integration message headers (consider token length limits such as KestrelServerLimits.MaxRequestHeadersTotalSize, 32 KB by default, and user logouts, since embedded permissions stay valid until the token expires unless the token id is revoked)
Calls can be implemented through rpc calls or request/reply messages
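The third option above (one auth-endpoint call at authentication, permissions carried in the JWT, local decision in each service), as an added example that is not part of the original notes. The auth endpoint is stood in for by an in-memory dictionary, the signing key, user names, controller/method names and message type are hypothetical, and the HS256 JWT is built by hand so the block runs without extra libraries:

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Kestrel default for KestrelServerLimits.MaxRequestHeadersTotalSize, in bytes.
KESTREL_MAX_REQUEST_HEADERS_TOTAL_SIZE = 32 * 1024

# Hypothetical HS256 key; a real deployment pulls this from a managed key store.
SIGNING_KEY = b"demo-only-hmac-key-do-not-use"

# Constructed stand-in for the auth endpoint: user -> granted permissions.
AUTH_ENDPOINT_PERMISSIONS = {
    "alice": ["orders:read", "orders:write", "shipments:publish"],
    "bob": ["orders:read"],
}

# Code-first declarations: http resource (controller + web-method + verb) and
# integration message type each map to the permission they require.
HTTP_RESOURCE_PERMISSIONS = {
    ("OrdersController", "GetOrder", "GET"): "orders:read",
    ("OrdersController", "CreateOrder", "POST"): "orders:write",
}
MQ_RESOURCE_PERMISSIONS = {"ShipmentCreated": "shipments:publish"}

# Token ids invalidated by logout: the only shared state this model needs.
REVOKED_TOKEN_IDS = set()


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, now=None, ttl_seconds=900):
    """Authentication phase: ask the auth endpoint once, copy the granted
    permissions into the JWT claims and sign the token with HS256."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "sub": user,
        "jti": secrets.token_hex(8),
        "iat": now,
        "exp": now + ttl_seconds,
        "permissions": AUTH_ENDPOINT_PERMISSIONS.get(user, []),
    }
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token, now=None):
    """Embedded decision point: check signature, algorithm, expiry and revocation
    locally, with no call back to the auth endpoint. Returns claims or None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        expected = hmac.new(SIGNING_KEY, f"{header_b64}.{claims_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            return None  # only the algorithm we issue is accepted
        claims = json.loads(_b64url_decode(claims_b64))
    except ValueError:  # malformed base64 or JSON
        return None
    if claims.get("exp", 0) <= now or claims.get("jti") in REVOKED_TOKEN_IDS:
        return None
    return claims


def authorize_http(token, controller, method, verb, now=None):
    """http user = token subject, http resource = controller + web-method + verb."""
    required = HTTP_RESOURCE_PERMISSIONS.get((controller, method, verb.upper()))
    if required is None:
        return False  # undeclared resource: deny by default
    claims = verify_token(token, now)
    return claims is not None and required in claims["permissions"]


def authorize_mq(headers, message_type, now=None):
    """Mq user = 'user' header carrying the same token, Mq resource = message type."""
    required = MQ_RESOURCE_PERMISSIONS.get(message_type)
    token = headers.get("user")
    if required is None or token is None:
        return False
    claims = verify_token(token, now)
    return claims is not None and required in claims["permissions"]


def logout(token, now=None):
    """Logout: embedded permissions cannot be recalled, so revoke the token id."""
    claims = verify_token(token, now)
    if claims is not None:
        REVOKED_TOKEN_IDS.add(claims["jti"])


def fits_kestrel_header_limit(token, other_headers_bytes=0):
    """The bearer token counts against Kestrel's total request-header budget."""
    header_line = f"Authorization: Bearer {token}\r\n".encode("ascii")
    return len(header_line) + other_headers_bytes <= KESTREL_MAX_REQUEST_HEADERS_TOTAL_SIZE
```

Two design points the notes hint at: undeclared resources are denied rather than allowed, so a scaled instance on an older api version cannot accidentally expose a resource it never declared, and logout is handled by revoking the token id rather than by re-querying the auth endpoint, which keeps the per-request path free of remote calls while the revocation set stays small because tokens expire on their own.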
apply the authorization schema based on features (permissions grouped by feature rather than declared per individual endpoint or message)