How #jwt is used for #authentication in #microservices system?

Video Statistics and Information

Captions
Hello friends, welcome to my channel. In today's video we will learn about authentication in microservices using JWT. You'll also learn about JWT in a lot of detail: what it is, what information does it contain, what role does it play, and about the signing process of a JWT using public and private keys, and how we use a public key to verify the signature of a JWT. And in a microservices environment, when the request goes from the client to the authentication server via the API Gateway and then to the different microservices via the API Gateway, what is the flow of the JWT, where it goes, where it is verified, and how the authentication works in the complete system: that is what we will learn today. Let's get started.

So we'll learn about JWT authentication in microservices. First of all we learn what a JWT is. This is a sample JWT token, how it looks, and you can see it is divided into three parts separated by dots. The first part is the header, the second part is the payload, the third part is the signature of the JWT token. These three parts are separated by the dot. Now, there is a website, jwt.io. If you use this website you can decode, verify and generate JWT tokens. So when we try to decode this JWT using this website, jwt.io, this is what we get. This is all the information that is contained in the JWT token. Here you can see HS526 is the algorithm, JWT is the token type, then it contains the payload, which is the custom data that we have set inside the JWT token. You can set anything: ID, name, email, whatever you want. And then it contains the signature detail, what type of signature is used to sign this JWT.

Now let's talk about public and private keys. There are two sets of keys which are used to sign a JWT, to verify its authenticity. If a JWT is signed, it can be verified whether it is an authentic JWT or not. Whenever we want to sign a JWT we need a set of public and private keys both, but whenever you want to verify the JWT, for example at the API Gateway level, in a microservices environment a JWT is verified many times, so in that case we just need the public key. For verification purposes a public key is sufficient to verify the signature of our JWT.

Now let's try to understand how the request flows in a microservices environment and how the JWT is generated and verified. You can see in this diagram we have our clients, we have our API Gateway, we have our authentication server, and we have a set of services: customer, order and product service. First of all, when we try to log in to the system, we call the login API, which is a public API, and we pass our ID and password to it. This request goes to the API Gateway; this is the POST request. Then the API Gateway sends this request to the authentication server where, after verifying the ID and password, it generates a JWT token for us and returns the JWT token as a response for the login request.

Now further, if you try to access any of the microservices, what we need to do is pass this JWT as a header in our request. For example, if you are trying to access the customer service, this request goes to the API Gateway, and then this request is first verified at the API Gateway level using the public key. It is verified whether it is a valid JWT or not, and also it checks from the payload whether this JWT has authorization to access the customer service or not. After the verification is successful, then only it is allowed to access the customer service, and then we receive the response from the customer service, which the API Gateway forwards back to the client, or returns to the client.

Then let's take another example. If you want to call the order service, again we need to send our JWT as part of the header, and it will again get verified using the public key, and then this request too will go to the order service. Suppose now that the order service requires to call the product server. Again the order server will hit the API Gateway URL of the product server, and then, you know, again re-verification of the JWT happens, whether this JWT has access to the product service or not. After the verification has happened, the product service will get called and the response will be returned to the API Gateway, which will then be returned to the order service, which will collate the responses of its own and the product service and return to the end client. This is how authentication happens in the microservices environment where we have communication between multiple services.

What is the role of the JWT? Basically, apart from authentication, it also carries claims: whether each user is allowed to access which all services, what all rights it has. After the verification of the JWT and verifying the claims, the particular web resource is called, and the resource is called using the API Gateway URL, and the API Gateway redirects the request to the particular service. This is how the request and response model works with authentication using a JWT token in microservices.

Friends, that's all for this video. I hope you would have liked this video. If you liked it, give it a thumbs up and also consider subscribing to our channel for more such videos. Now, if you want to know about API Gateway filters, do check out this video.
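The flow described in the captions, as an added example that is not code from the video or the channel: an authentication server signs a JWT with its private key, and a gateway holding only the public key verifies the signature and then checks a claim before routing to a service. It uses RS256 (the standard JWT algorithm for RSA key pairs) with Node's built-in `crypto`; the function names, the `services` claim, and the sample claims are assumptions made for illustration, and the `exp` check is the standard expiry claim from the JWT specification.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Authentication server: the only component that holds the private key.
// The gateway is given the public key alone.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Hypothetical helper: build header.payload.signature, signed with RS256.
function issueToken(claims, key = privateKey) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), key);
  return `${header}.${payload}.${b64url(sig)}`;
}

// Gateway: verify the signature with the public key, then the claims.
// "services" is an assumed claim name listing the services the user may call.
function gatewayCheck(token, service, pubKey = publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm on the verifier; never let the token header choose it.
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad-alg' };
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('sha256', signed, pubKey, Buffer.from(s, 'base64url')))
    return { ok: false, reason: 'bad-signature' };
  // Claims are trusted only after the signature has been verified.
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  if (!Array.isArray(claims.services) || !claims.services.includes(service))
    return { ok: false, reason: 'forbidden' };
  return { ok: true, sub: claims.sub };
}

// Constructed sample claims (not from the video): access to customer and order only.
const exp = Math.floor(Date.now() / 1000) + 300;
const demo = issueToken({ sub: 'user-1', services: ['customer', 'order'], exp });
console.log(gatewayCheck(demo, 'customer'), gatewayCheck(demo, 'product'));
```

When the order service calls the product service through the gateway, the same `gatewayCheck` runs again with `'product'` as the target, so a token limited to customer and order is rejected at that hop.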
Info
Channel: SPS Tech
Views: 6,439
Keywords: jwt authentication microservice, authentication in microservices, jwt authentication in microservices, microservices security architecture, authentication and authorization in microservices, using jwt for authentication, authentication in microservices architecture, authentication in microservices spring boot, authentication and authorization in spring boot microservices, microservices security using jwt authentication gateway, spring boot microservices jwt authentication
Id: nt892hMFWTY
Length: 6min 27sec (387 seconds)
Published: Tue Oct 25 2022