Bird
Raised Fist0
Microservicessystem_design~5 mins

Centralized vs distributed auth in Microservices - Quick Revision & Key Differences

Choose your learning style10 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is centralized authentication in microservices?
Centralized authentication means all user login and identity checks happen in one place, like a single service or server, which issues tokens or session info for other services to trust.
Click to reveal answer
beginner
What is distributed authentication in microservices?
Distributed authentication means each microservice handles its own user identity checks independently, often by validating tokens or credentials without relying on a single central service.
Click to reveal answer
intermediate
Name one advantage of centralized authentication.
It simplifies user management because all login logic and user data are in one place, making it easier to update and secure.
Click to reveal answer
intermediate
Name one challenge of distributed authentication.
It can be complex to keep user data consistent and secure across many services, and each service must implement authentication logic correctly.
Click to reveal answer
intermediate
How does token-based authentication support distributed auth?
Tokens like JWTs carry user identity and permissions, so services can verify them locally without calling a central server every time.
Click to reveal answer
Which is a key feature of centralized authentication?
AEach microservice stores user passwords locally
BNo tokens are used for identity
COne service handles all user login and issues tokens
DUsers authenticate separately to each service
What is a common token format used in distributed authentication?
AHTML
BJWT (JSON Web Token)
CCSV
DXML
Which is a disadvantage of centralized authentication?
ASingle point of failure
BHard to manage user data
CEach service must implement login logic
DNo token support
In distributed authentication, how do services verify user identity?
ABy ignoring authentication
BBy calling a central login server every time
CBy storing passwords in each service
DBy checking tokens locally
Which scenario favors centralized authentication?
AWhen you want simple user management
BWhen services are highly independent
CWhen you want no single point of failure
DWhen each service has different user databases
Explain the main differences between centralized and distributed authentication in microservices.
Think about where login happens and how services trust user identity.
You got /5 concepts.
    Describe advantages and challenges of using token-based authentication in distributed systems.
    Focus on how tokens help services trust users independently.
    You got /5 concepts.

      Practice

      (1/5)
      1. What is the main characteristic of centralized authentication in microservices?
      easy
      A. No authentication is required between services
      B. Each microservice verifies user identity independently
      C. Authentication is done by the client application only
      D. A single service handles all user login and identity verification

      Solution

      1. Step 1: Understand centralized authentication

        Centralized authentication means one dedicated service manages all login and identity checks for the system.

      2. Step 2: Compare with other options

        Distributed auth where each service verifies independently, client-only auth, or no auth are not centralized.

      3. Final Answer:

        A single service handles all user login and identity verification -> Option D

      4. Quick Check:

        Centralized auth = single service [OK]
      Hint: Centralized means one place handles all auth [OK]
      Common Mistakes:
      • Confusing centralized with distributed auth
      • Thinking each service handles login in centralized auth
      • Assuming client-only authentication is centralized
      2. Which of the following is a typical token used in distributed authentication?
      easy
      A. OAuth 2.0 access token
      B. SQL query string
      C. HTML cookie without signature
      D. Plain text password

      Solution

      1. Step 1: Identify token types in distributed auth

        Distributed authentication commonly uses tokens like OAuth 2.0 access tokens to verify identity without contacting a central service each time.

      2. Step 2: Eliminate incorrect options

        SQL queries, unsigned cookies, and plain text passwords are not secure tokens used for distributed auth.

      3. Final Answer:

        OAuth 2.0 access token -> Option A

      4. Quick Check:

        Distributed auth token = OAuth 2.0 token [OK]
      Hint: OAuth tokens are standard for distributed auth [OK]
      Common Mistakes:
      • Confusing SQL queries with tokens
      • Using unsigned cookies as secure tokens
      • Thinking plain text passwords are tokens
      3. Consider a microservice system where each service validates JWT tokens locally without contacting a central auth server. What is the main advantage of this approach?
      medium
      A. Reduced latency and less dependency on a central service
      B. Simpler token revocation management
      C. Centralized control over user sessions
      D. No need for token expiration

      Solution

      1. Step 1: Understand local JWT validation

        When services validate JWT tokens locally, they avoid network calls to a central auth server, reducing latency and dependency.

      2. Step 2: Analyze other options

        Token revocation is harder locally, centralized control over user sessions is lost, and tokens still need expiration.

      3. Final Answer:

        Reduced latency and less dependency on a central service -> Option A

      4. Quick Check:

        Distributed auth local validation = less latency [OK]
      Hint: Local token checks speed up requests [OK]
      Common Mistakes:
      • Assuming token revocation is easier locally
      • Thinking local validation means centralized control
      • Ignoring token expiration needs
      4. A microservice system uses centralized authentication but experiences frequent downtime of the auth service. What is the best way to fix this issue?
      medium
      A. Use plain text passwords for faster login
      B. Remove authentication completely
      C. Implement caching of authentication tokens in services
      D. Make each service validate tokens independently without central auth

      Solution

      1. Step 1: Identify problem with centralized auth downtime

        Downtime of the central auth service causes failures in login or token validation.

      2. Step 2: Choose a solution to reduce dependency

        Caching tokens locally in services reduces calls to the central auth, improving availability without removing auth or security.

      3. Final Answer:

        Implement caching of authentication tokens in services -> Option C

      4. Quick Check:

        Fix downtime by caching tokens [OK]
      Hint: Cache tokens to reduce auth service calls [OK]
      Common Mistakes:
      • Removing authentication entirely
      • Switching to insecure plain text passwords
      • Switching to distributed auth without planning
      5. You are designing a large microservices system that requires high security and low latency. Which authentication approach best balances these needs?
      hard
      A. Centralized authentication with synchronous calls for every request
      B. Distributed authentication using signed tokens validated locally with periodic revocation checks
      C. No authentication to maximize speed
      D. Centralized authentication with no token expiration

      Solution

      1. Step 1: Analyze security and latency needs

        High security requires token validation and revocation; low latency requires avoiding frequent central calls.

      2. Step 2: Evaluate options

        Distributed authentication using signed tokens validated locally with periodic revocation checks uses signed tokens validated locally to reduce latency and periodic revocation checks to maintain security. Centralized authentication with synchronous calls for every request causes latency, no authentication is insecure, and centralized authentication with no token expiration risks stale sessions.

      3. Final Answer:

        Distributed authentication using signed tokens validated locally with periodic revocation checks -> Option B

      4. Quick Check:

        Balance security and speed with distributed tokens [OK]
      Hint: Use local token checks plus revocation for security and speed [OK]
      Common Mistakes:
      • Choosing no authentication for speed
      • Ignoring token expiration and revocation
      • Relying on central auth for every request causing latency