There are two parts to this:
- The authentication and authorization of the user accessing the application
- Authentication of inter-microservices communication
Here is the workflow of the authentication mechanism:
- The user logs in with a username and password.
- The web-app sends the credentials to the auth-app.
- The auth-app verifies the credentials; two outcomes are possible:
  - If the credentials are invalid, it responds to the request initiator with the failure.
  - If the credentials are valid, it requests a token from the token-manager.
- The token-manager generates a unique token and returns it. Other microservices can use this token to verify that the initiator of a request is a valid, authenticated source. Note that:
  - The tokens are also persisted in a database (H2 database in this case) to maintain history.
- The token is provided back to the web...
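To make the flow above concrete, here is an added, self-contained Python model of the three components (web-app, auth-app, token-manager) as in-process classes. It is illustration code written for this page, not the project's own implementation: the user store, the user `alice` and her password are constructed sample values, an in-memory SQLite table stands in for the H2 database, tokens are random 256-bit values from the CSPRNG, and only a SHA-256 digest of each token is persisted so that a copy of the table does not yield usable bearer tokens. Revocation sets a timestamp rather than deleting the row, which keeps the token history the text mentions.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

# Constructed sample user store for the auth-app: username -> (salt, PBKDF2 hash).
# Hypothetical values; a real auth-app keeps these in its own datastore.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

_SALT = b"constructed-salt-16b"
USERS = {"alice": (_SALT, _hash_password("correct horse battery", _SALT))}


class TokenManager:
    """Issues unique opaque tokens and persists them (SQLite stands in for H2)."""

    TTL_SECONDS = 3600

    def __init__(self, db_path=":memory:"):
        self.db = sqlite3.connect(db_path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS tokens ("
            "token_hash TEXT PRIMARY KEY, username TEXT NOT NULL, "
            "issued_at REAL NOT NULL, expires_at REAL NOT NULL, revoked_at REAL)"
        )

    @staticmethod
    def _digest(token: str) -> str:
        # Persist a digest only: a dump of the table must not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        now = time.time()
        self.db.execute(
            "INSERT INTO tokens (token_hash, username, issued_at, expires_at) "
            "VALUES (?, ?, ?, ?)",
            (self._digest(token), username, now, now + self.TTL_SECONDS),
        )
        self.db.commit()
        return token

    def verify(self, token: str):
        """Called by other microservices: returns the username or None."""
        row = self.db.execute(
            "SELECT username, expires_at, revoked_at FROM tokens WHERE token_hash = ?",
            (self._digest(token),),
        ).fetchone()
        if row is None:
            return None
        username, expires_at, revoked_at = row
        if revoked_at is not None or time.time() >= expires_at:
            return None
        return username

    def revoke(self, token: str) -> None:
        # Rows are never deleted, so the issuance history is preserved.
        self.db.execute(
            "UPDATE tokens SET revoked_at = ? WHERE token_hash = ?",
            (time.time(), self._digest(token)),
        )
        self.db.commit()

    def history_count(self) -> int:
        return self.db.execute("SELECT COUNT(*) FROM tokens").fetchone()[0]


class AuthApp:
    def __init__(self, token_manager: TokenManager):
        self.tokens = token_manager

    def authenticate(self, username: str, password: str):
        # Unknown users get a dummy comparison so timing does not reveal which
        # usernames exist; compare_digest keeps the comparison constant-time.
        salt, expected = USERS.get(username, (_SALT, b""))
        if not hmac.compare_digest(_hash_password(password, salt), expected):
            return None  # invalid credentials: failure goes back to the initiator
        return self.tokens.issue(username)  # valid: ask the token-manager for a token


class WebApp:
    def __init__(self, auth_app: AuthApp):
        self.auth = auth_app

    def login(self, username: str, password: str):
        # The web-app forwards the credentials to the auth-app and relays the result.
        return self.auth.authenticate(username, password)


if __name__ == "__main__":
    tm = TokenManager()
    web = WebApp(AuthApp(tm))
    token = web.login("alice", "correct horse battery")
    print("issued:", token is not None, "| verified as:", tm.verify(token))
    print("bad password accepted:", web.login("alice", "wrong") is not None)
```

A downstream microservice would call `verify` (over an internal API in a real deployment) with the token it received and reject the request on `None`. Two tokens issued for the same user are distinct, so each login leaves its own row, and the `revoked_at` column is what turns the table from a simple allow-list into the audit history the text describes.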