Sharing JWT Authentication/Authorization

Greetings programming community.

Here’s something that I’ve been looking for but at the moment I don’t believe I’ve had a straightforward answer.

Inside the same solution I’ve got a JWT authentication Web API and a standard Web API that returns random values.

How can I ensure that the random values Web API only responds when the user has a valid authorization that has been given by the JWT authentication Web API?

Thank you.

Answers:

Method 1

You have two ways to do that:

  1. Write a custom authorization filter, register it for the random-number-generator API, and intercept the requests: catch the JWT per request and forward it to the auth API to ensure that it’s valid and not expired yet.
  2. Put both APIs behind an API gateway like Nginx, Envoy, Ocelot (or something else) with its JWT-handling feature enabled. First catch the request on the gateway and ask the JWT API for authorization/authentication. If the answer is true/OK, the request will automatically be forwarded to the random-number-generator API.

NOTE: In the second solution you will never be concerned about authentication/authorization in your random-number-generator API and you can freely develop your business behind the secure gateway.


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
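
The first approach from Method 1, sketched as an authorization filter for the random-values API. This is an added example, not code from the original post; it assumes ASP.NET Core, and the named HTTP client `auth-api` and the `api/auth/validate` endpoint (200 means the token is valid) are hypothetical.

```csharp
// Added example. Assumptions: ASP.NET Core; the "auth-api" client name and the
// "api/auth/validate" endpoint (200 = valid, anything else = rejected) are hypothetical.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

public sealed class RemoteJwtAuthorizationFilter : IAsyncAuthorizationFilter
{
    private const string Scheme = "Bearer ";
    private readonly IHttpClientFactory _clients;

    public RemoteJwtAuthorizationFilter(IHttpClientFactory clients) => _clients = clients;

    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        // Accept only "Authorization: Bearer <token>"; everything else is 401.
        string header = context.HttpContext.Request.Headers["Authorization"].ToString();
        string token = header.StartsWith(Scheme, StringComparison.OrdinalIgnoreCase)
            ? header.Substring(Scheme.Length).Trim()
            : string.Empty;
        if (token.Length == 0)
        {
            context.Result = new UnauthorizedResult();
            return;
        }
        try
        {
            // Forward the token to the issuing API, which checks signature and expiry.
            HttpClient client = _clients.CreateClient("auth-api");
            using var request = new HttpRequestMessage(HttpMethod.Get, "api/auth/validate");
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            using HttpResponseMessage response =
                await client.SendAsync(request, context.HttpContext.RequestAborted);
            if (!response.IsSuccessStatusCode)
                context.Result = new UnauthorizedResult();
        }
        catch (Exception ex) when (ex is HttpRequestException || ex is TaskCanceledException)
        {
            // Fail closed: an unreachable or slow auth API must not let requests through.
            context.Result = new StatusCodeResult(503);
        }
    }
}
```

Register the filter in the service container, give the `auth-api` client a base address with `AddHttpClient`, and apply it to the random-values controller with `[ServiceFilter(typeof(RemoteJwtAuthorizationFilter))]`.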