Authentication
The starting point of every project is the authentication system, which identifies the users or customers who will use our application or API. Many libraries implement the different ways of authenticating users; in this book, we will look at two of the most important: OAuth 2 and JWT.
As we already know, microservices are stateless, which means that they should communicate with each other and with users using an access token instead of cookies and sessions. So, let's look at what the authentication workflow looks like when using an access token:
As you can see in the preceding image, this should be the process of getting a list of secrets required by a customer or user:
1. USER asks FRONTEND LOGIN for a list of secrets.
2. FRONTEND LOGIN asks BACKEND for the list of secrets.
3. BACKEND asks FRONTEND LOGIN for the user access token.
4. FRONTEND LOGIN asks GOOGLE (or any other provider) for the access token.
5. GOOGLE asks USER for their credentials...