You design a system where multiple microservices authenticate each other using JWT tokens issued by a central auth server. To improve scalability and security, which approach is best?

hard📝 Trade-off Q15 of 15

Microservices - Authentication and Authorization

AEach service calls the auth server to verify tokens on every request

BEach service validates tokens locally using the auth server's public key without calling the auth server every time

CServices share a single API key for all authentication

DServices trust any token without verification to reduce latency

Step-by-Step Solution

Solution:

Step 1: Consider scalability of token verification
Calling the auth server on every request creates a bottleneck and reduces scalability.
Step 2: Use public key verification locally
JWT tokens can be verified locally using the auth server's public key, improving speed and security.
Final Answer:
Each service validates tokens locally using the auth server's public key without calling the auth server every time -> Option B
Quick Check:
Local JWT verification improves scalability = A [OK]

Quick Trick: Verify JWT locally with public key for scalability [OK]

Common Mistakes:

MISTAKES

Calling auth server on every request causing bottlenecks
Using shared API keys reduces security
Skipping token verification breaks security

Master "Authentication and Authorization" in Microservices

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Arch Try Challenge Design Recall Scale

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More Microservices Quizzes

You design a system where multiple microservices authenticate each other using JWT tokens issued by a central auth server. To improve scalability and security, which approach is best?

Step 1: Consider scalability of token verification

Step 2: Use public key verification locally

Final Answer:

Quick Check:

Want More Practice?