Hard · Trade-off · Q15 of 15
Microservices - Authentication and Authorization
In a microservices system, Service A receives a JWT token from a user and calls Service B, which calls Service C. To ensure secure JWT token propagation and verification, which design is best?
A. Service A sends the JWT to Service B, which forwards the same JWT to Service C; each service verifies the token locally
B. Service A sends the JWT to Service B; Service B generates a new token for Service C with its own secret
C. Service A sends the JWT only to Service B; Service B calls Service C without any token
D. Service A sends the JWT to Service B; Service B stores the token and Service C fetches it from Service B when needed
Step-by-Step Solution
Solution:
  1. Step 1: Understand token propagation best practice

    JWT tokens should be forwarded unchanged so each service can verify the original user identity and claims.
  2. Step 2: Evaluate alternatives

    Generating new tokens breaks the trust chain; skipping tokens breaks authentication; fetching tokens from another service adds complexity and risk.
  3. Final Answer:

    Service A sends the JWT to Service B, which forwards the same JWT to Service C; each service verifies the token locally -> Option A
  4. Quick Check:

    Forward original JWT for trust and verification [OK]
Quick Trick: Forward original JWT unchanged for trust across services [OK]
Common Mistakes:
  • Creating new tokens at intermediate services
  • Not forwarding tokens to all downstream services
  • Relying on token fetching instead of forwarding
