Thank you for reading and sorry for the late reply. I think that what you want to accomplish is authorization, that is a step further than authentication.
One solution I can think of is making the auth guard aware of the microservice calling it. That way you could send to the auth microservice the token and the microservice the user is trying to access. Then you would need a place to look for user/microservices permissions and can return a response based on that.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi Ale, first of all, thanks for this amazing guide. It's very helpful
now, the question :D.
What about the "autorization" for differents microservices?...For example, I have a microservice for "listing" and another for "payment"
The same authenticated user must be logged and requesting the both MS, but maybe dont have enough permissions to acces at the payment service.
Any recomendation/pattern to manage the permissions for each microservice? (read/view/delete)
Thanks!
Thank you for reading and sorry for the late reply. I think that what you want to accomplish is authorization, that is a step further than authentication.
One solution I can think of is making the auth guard aware of the microservice calling it. That way you could send to the auth microservice the token and the microservice the user is trying to access. Then you would need a place to look for user/microservices permissions and can return a response based on that.