Authentication for Microservices

[hsharma1996]

I am planning on developing microservices with Adonisjs
But I am confused how authetication will work.
Since authetication service will have it's own database, How I am supposed to pass authetication data to another service without access authentication database or I must maintain a connection to authetication datbase from each microservice ?
As soon as I use auth middleware, There will be a database call to fetch user data based on token, How can I get data in that case ? Shall I modify auth middleware to call authentication service(Seems a like there will be a lot of load on authentication server).
Please share your ideas/Suggestions

[bhayron]

When developing microservices with AdonisJS, authentication is an important issue to consider. As you mentioned, if you maintain an authentication database for each microservice, it can lead to issues with data synchronization and maintaining multiple data sources. On the other hand, if you have a single authentication service for all microservices, there can be a performance bottleneck and the system can be difficult to scale.

An alternative approach is to use a third-party authentication provider, such as Auth0, which can handle authentication and authorization across all microservices. Auth0 uses a JWT (JSON Web Token) token template that is issued by the authentication service and includes information about the authenticated user. Each microservice can check the validity of the token and obtain information about the user without having to make a database call.

If you want to keep the authentication service on your own system, another approach is to use an authentication protocol like OAuth2. In this model, the authentication service issues an access token that can be used in other microservices to authenticate the user. The access token contains enough information to verify the user's authenticity without having to access the authentication database.

Additionally, you can use Redis or another in-memory database to store user information after authentication. This can reduce authentication server overhead and speed up access to user data by other microservices.

In summary, there are several approaches you can consider when implementing authentication in microservices with AdonisJS. It's important to find the solution that best fits your system's needs and offers a good mix of performance, security, and ease of maintenance.

[McSneaky]

That sounds like ChatGPT answer :D

But that's how it is :)

Depends on how your stuff is archidectured. Does other microservices need to know about currently logged in user?
If yesh, then I'd suggest to start with single auth service and use JWTs
If it's just server-to-server and no user info is transfered you can just add your custom x-auth header, something like this:

import { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import Env from '@ioc:Adonis/Core/Env'

export default class XAuthCheck {
  public async handle ({ request, response }: HttpContextContract, next: () => Promise<void>) {
    // code for middleware goes here. ABOVE THE NEXT CALL
    if (request.header('x-auth-token') !== Env.get('X_AUTH_TOKEN')) {
      return response.forbidden('Auth token missing or invalid')
    }
    await next()
  }
}

And then just pass this x-auth-token with all your server-to-server requests

JWTs sound all good and nice, but they also have quite some downsides, like no way to invalidate or log out single user in a nice way etc
It's easy to implement tho

[bhayron]

Eu tinha esquecido desse topico, eu resolvi meu problema da seguinte forma:
utilizando a "jsonwebtoken"

import jwt from 'jsonwebtoken'

interface Users {
  type: string,
  level: string,
  address: string,
  isAdmin: string,
  iat: number,
  userId: string,
  clientType: string
}

export function generateToken(user: Users) {
  const token = jwt.sign(
    {
      clientType: user.clientType,
      userId: user.userId,
      iat: user.iat,
      type: user.type,
      level: user.level,
      address: user.address,
      isAdmin: user.isAdmin,
    },
    'P5d3nmgne9v5ra6e',
    // { expiresIn: '1h' }
  );
  return token;
}

const userDataToken: any = {
  type: 'admin',
  clientType: 'adm',
  userId: '7',
  address: 'AM',
  iat: 1681498903
}

function verifyToken(token: any) {
  try {
    const decodedToken = jwt.verify(token, 'P5d3nmgne9v5ra6e');
    return decodedToken;
  } catch (error) {
    console.error(error);
    return null;
  }
}

const login = generateToken(userDataToken)
const login2 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoiY2xpZW50IiwiY2xpZW50VHlwZSI6ImNsaWVudCIsInVzZXJJZCI6IjciLCJhZGRyZXNzIjoiU1AiLCJpYXQiOjE2ODE0OTg5MDN9.3AhTFO_i2ExaRbQ47UMNYC1VHllkXTafOmTqLGssHjY'
 console.log('Token', login);

const decodedToken: any = verifyToken(login);
 console.log(decodedToken);

To generate the token

      async function generateToken(user: User) {
        const token = jwt.sign(
          {
            type: user.type,
            clientType: user.clientType,
            userId: user.userId,
            address: user.address,
          },
          Env.get('KEY_ADS'),
        );
        return token;
      }
      const aclToken = await generateToken(userDataToken)
 
      return response.send({aclToken })

To decrypt the token, i put this logic in a middleware.

 const reader = request.headers()
   const token = reader.tokenads as string
   if (!token) {
     return response.unauthorized({
       error: { message: 'Token não fornecido' },
     })
   }
   const key = Env.get('KEY_ADS')
   const decodedToken: JwtPayload = jwt.verify(token, key)
  
   if (decodedToken) {
     await next()
   } else {
     return response.unauthorized({
       error: { message: 'Token inválido' },
     })
   }