Authentication as a microservice talk given by Brian Pontarelli at the Denver Microservices meetup. Want to learn how to implement authentication in your microservices architecture, this presentation covers the basic concepts.
5. CREATE TABLE todos (
id INT NOT NULL,
text TEXT NOT NULL,
user_id INT NOT NULL,
PRIMARY KEY (id),
CONSTRAINT todos_fk_1 FOREIGN KEY (user_id)
REFERENCES users(id) ON DELETE CASCADE
);
10. What about everything else?
● Works on SPAs and Mobile
● Session ID is the user identifier
● Generally hard to steal or forge
● Uses simple HTTP cookies
11. The Pain
● Stateful
● Potentially requires session replication
● Session pinning
● Harder to scale since every instance runs everything
● One big database
29. Tokens
● There must be a User -> Token mapping
● In memory or in database
● Makes the User API slightly stateful
● Can be very chatty
● Couples the User API to EVERYTHING (almost)