0
0
Microservicessystem_design~12 mins

Centralized vs distributed auth in Microservices - Architecture Patterns Compared

Choose your learning style9 modes available
LearnWhyDeepArchPracticeChallengeDesignRecallScale
System Overview - Centralized vs distributed auth

This system compares two common ways to handle user authentication in microservices: centralized and distributed authentication. Centralized auth uses a single service to verify users, while distributed auth lets each microservice handle authentication itself. The goal is to understand how requests flow and how failures affect each approach.

Architecture Diagram
User
  |
  v
+-----------------+          +-------------------+          +----------------+
|  Load Balancer  |--------->|  API Gateway      |--------->| Auth Service   |
+-----------------+          +-------------------+          +----------------+
                                      |                             |
                                      |                             v
                                      |                      +------------+
                                      |                      | User DB    |
                                      |                      +------------+
                                      v
                             +-------------------+
                             | Microservice A    |
                             +-------------------+


Distributed Auth:
User
  |
  v
+-----------------+          +-------------------+          +-------------------+
|  Load Balancer  |--------->|  API Gateway      |--------->| Microservice A     |
+-----------------+          +-------------------+          +-------------------+
                                                               |          |
                                                               |          v
                                                               |    +------------+
                                                               |    | User DB    |
                                                               |    +------------+
Components
User
actor
Person or system making requests
Load Balancer
load_balancer
Distributes incoming requests evenly to API Gateway instances
API Gateway
api_gateway
Entry point for requests, routes to services and handles centralized auth calls
Auth Service
service
Centralized service that verifies user credentials and issues tokens
User DB
database
Stores user credentials and authentication data
Microservice A
service
Business logic service that either relies on centralized auth or performs its own auth
Request Flow - 13 Hops
UserLoad Balancer
Load BalancerAPI Gateway
API GatewayAuth Service
Auth ServiceUser DB
Auth ServiceAPI Gateway
API GatewayMicroservice A
UserLoad Balancer
Load BalancerAPI Gateway
API GatewayMicroservice A
Microservice AUser DB
Microservice AAPI Gateway
API GatewayLoad Balancer
Load BalancerUser
Failure Scenario
Component Fails:Auth Service
Impact:Centralized auth fails: users cannot authenticate or get tokens, so all requests requiring auth fail. Distributed auth services remain unaffected.
Mitigation:Use multiple Auth Service instances with load balancing and failover. For distributed auth, each microservice handles auth independently, reducing single points of failure.
Architecture Quiz - 3 Questions
Test your understanding
In centralized authentication, which component is responsible for verifying user credentials?
AAuth Service
BAPI Gateway
CMicroservice A
DLoad Balancer
Design Principle
This architecture demonstrates the trade-offs between centralized and distributed authentication. Centralized auth simplifies token management but creates a single point of failure. Distributed auth increases resilience by decentralizing authentication but adds complexity to each microservice.