Spring Gateway that generates JWT token

Spring Gateway that generates JWT token

To issue (create) an JWT, you must authenticate the user, the JWT is cryptographically signed (by the authenticator) proof that the request is sent from that user.

Separation of Concerns

Gateway

The concern of a Gateway is to route requests. And do that in a good way.

Spring Cloud Gateway aims to provide a simple, yet effective way to route to APIs

Authentication Service

The concern of an Authentication Service is to authenticate the users, e.g. be the only service that has access to the user password metadata and be the only service with access to private keys used to sign JWT tokens.

The separation of concern is the reason why these two components are designed as two different components. The gateway should not have access to the private key to sign JWT tokens, so it should instead redirect unauthenticated users to the Authentication Service (Single Sign On in your link).

Spring Gateway that generates JWT token

Leave a Reply

Your email address will not be published. Required fields are marked *