Bird
0
0

In a microservices architecture requiring JWT propagation with automatic token refresh, which approach best maintains security and token consistency?

hard📝 Trade-off Q9 of 15
Microservices - Authentication and Authorization
In a microservices architecture requiring JWT propagation with automatic token refresh, which approach best maintains security and token consistency?
AEach microservice generates its own JWT token upon receiving a request
BUse a centralized authentication gateway that issues tokens and refreshes them, forwarding the valid token downstream
CDownstream services request new tokens directly from the authentication server
DEmbed refresh tokens in every service-to-service call to allow token renewal anywhere
Step-by-Step Solution
Solution:

  1. Step 1: Understand token refresh

    Refreshing tokens centrally avoids token mismatch.

  2. Step 2: Avoid token generation in services

    Generating tokens in each service breaks trust chain.

  3. Step 3: Avoid downstream direct refresh

    Downstream requesting tokens complicates flow and security.

  4. Step 4: Avoid embedding refresh tokens everywhere

    This increases attack surface and complexity.

  5. Final Answer:

    Use a centralized authentication gateway that issues tokens and refreshes them, forwarding the valid token downstream -> Option B

  6. Quick Check:

    Central gateway manages tokens and refresh securely. [OK]
Quick Trick: Centralize token refresh to maintain JWT consistency [OK]
Common Mistakes:
MISTAKES
  • Allowing each service to generate tokens independently
  • Letting downstream services refresh tokens directly
  • Passing refresh tokens in every service call

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Microservices Quizzes
Authentication and Authorization - API key management - Quiz 5medium Event-Driven Architecture - Event-driven vs request-driven - Quiz 13medium Event-Driven Architecture - Event types (domain, integration, notification) - Quiz 2easy Event-Driven Architecture - Event-driven vs request-driven - Quiz 5medium Monitoring and Observability - Three pillars (metrics, logs, traces) - Quiz 15hard Monitoring and Observability - Metrics collection (Prometheus) - Quiz 1easy Orchestration with Kubernetes - ConfigMaps and Secrets - Quiz 7medium Orchestration with Kubernetes - Horizontal Pod Autoscaler - Quiz 8hard Orchestration with Kubernetes - Why Kubernetes manages microservice deployment - Quiz 15hard Service Mesh - Traffic management (routing, splitting) - Quiz 5medium