In a microservices architecture, why do services propagate JWT tokens between them?
Think about how services know who the user is without re-authenticating.
JWT token propagation allows each microservice to verify the user's identity and permissions without querying a central session store, enabling stateless authentication.
In a typical microservices setup using JWT, which component usually creates and signs the JWT token?
Consider where user login and token creation logically happen.
The API Gateway or a dedicated Authentication Service handles user login and issues JWT tokens, which are then used by other services.
Why does using JWT tokens for authentication improve scalability in microservices compared to centralized session storage?
Think about what happens when many services need to check user identity simultaneously.
JWT tokens contain all necessary user info and are verified locally by each service, eliminating the need for a central session store and reducing bottlenecks.
Which of the following is a significant tradeoff when relying on JWT tokens for authorization across microservices?
Consider what happens if a userβs permissions change or they log out.
JWT tokens are self-contained and valid until expiry, so revoking them early is challenging without additional infrastructure like token blacklists.
Consider a user making a request that passes through multiple microservices. Which sequence correctly shows how JWT tokens are propagated?
Think about how tokens are passed and verified without extra calls.
The client sends the JWT token with the request. The API Gateway verifies it and forwards it. Each microservice then verifies the token locally without extra network calls.