#How to secure microservices archerecture.??

Like i wanna know what is the way to secure microservices architecture like the in 2 possible situations.

1. when there is a user to microservice communication

2. when there is a service - service communication

<@&1004656351647117403> please have a look, thanks.

Addition :- after some research I came to know about TLS and mTLS Integration between service to service communication

Or a JWT but I have no idea how to integrate it(MTLS OR TLS)

"secure" is too broad, could you narrow or further clarify the question?

Adding TLS is straight forward, you first need to grab a SSL certificate. You can get one for free from AWS or https://letsencrypt.org/

Then whatever library you're using will have the tools already available to use it

By secure I means the Authentication and Authorization

Of a user

Who tries to access resources

JWT is all about authentication and authorization

essentially, a JWT might contain something like the userId and "scope" i.e. the permissions they have

{
 "userId": "1234-5678-9",
 "scopes": ["user.read", "user.write"]
}```

and any other permissions

it's then "signed" using a secret key that you own

Hm so how can I pass it from ApiGateway to other service?? The requested one bu user

via the Authentication header

Also I wana know What is Keyclock can it help me in this case.??

Hm got it

so when you make a POST/GET/etc request, you can set a header "Authorization: <token>" and then validate it on the microservice

via HttpserveltRequest .?? On each Get and post method

Or using a filter .??

well I'm assuming when the user presses a button on your app, you send a HTTP request to the backend?

Oh

https://www.keycloak.org/ answer your own question 🙂

Thanks

generally, if you don't understand the product from reading the official sources, you're going to struggle regardless and it might not be a good option

because if you don't understand their docs, if you get problems, you won't be able to easily fix it

Got it

And thanks bro