# Authentication in Microservices


lament idol

Previously, in our monolithic application, we used @nestjs/passport with Cognito for authentication, and used guards (CognitoGuard) and decorators (CurrentUser) across the application.
The folder structure is like:
src
--auth (JWT)
--aws (Cognito, S3, SSM)
--db (mongo)
--user
--hospital
--clinical

Now we have moved to a microservice architecture. So there are three services, called UserService (sign-in and basic user routes), HospitalService and ClinicalService. Each service will be in a different repository, and there will be role-based access too.

Here is the question:
How do we implement the authentication flow and share user data with all the services?
How should we construct the services?
Do we have to repeat the same code in each repo?

There will be AWS services like Cognito, S3, SSM and SES as well, and they'll be common to all the services.

The API is REST.

hollow garnet
> lament idol: Previously in our monolithic application, we have used @nestjs/passport with cog...

You have two options I believe

  1. Yes, reuse the same code in all three repositories (we did that with many more microservices); maybe not the best solution, I know.

  2. Create your own private npm package containing the shared logic, which you then use in your repositories (and it's not necessary to keep private packages inside npm; your team can store them in GitHub/GitLab).

UPD: I mean, it’s not required to publish private packages to npmjs.com

lament idol

If anybody has a public repository for reference, it would be helpful.

hallow heron

Another option would be to make a centralized Auth Service. It has all the context needed to answer authorization questions. It has endpoints that let you hand it a token and ask "should this be able to access X?", and the response is yes/no.

lament idol

Is it like an HTTP service or a library?

hallow heron

Its own microservice.

lament idol

Then we can't use it like a guard, right?

proper quarry

My take is, you should have a gateway server (as I call it) in front of your services. The gateway app is in charge of

  1. Authn and Authz.
  2. Routing the requests to the right (micro-)services.

So, basically, the gateway app is the front layer of your monolith, and instead of calling an internal service, as you did in your monolith, you are calling your microservices.

So, basically, you'll have 4 apps running. The gateway app and your User, Hospital and Clinical services.

zealous cloak

Use an API gateway 🙂 and delegate the auth logic there.

For example: APISIX from Apache.

proper quarry

> Use api gateway

That is what I was suggesting you build. The issue with proxies doing auth is, when things change (and they will, a lot), it's a bit harder to "reconfigure" the proxy than to just change your code. And Nest is predestined for building a gateway app relatively simply. But if all you want to do is concentrate on your services, then yeah, go for a finished API gateway proxy. There are many. 🙂
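The token check that a shared private package (hollow garnet's option 2) or a gateway app (proper quarry's design) would carry, written here as an added example; it is not code from anyone in the thread. It assumes Cognito-shaped access tokens (RS256, `token_use`, `client_id` and `cognito:groups` claims) and a JWKS list fetched from the user pool; the key pair, issuer and client id below are constructed placeholders so the block runs offline.

```typescript
import { createPublicKey, createSign, createVerify, generateKeyPairSync, KeyObject } from "crypto";
// One entry of a Cognito user pool's JWKS document (RS256 signing keys).
interface Jwk { kid: string; kty: string; n: string; e: string; alg?: string; use?: string }
interface VerifyOptions { issuer: string; clientId: string; jwks: Jwk[] }
type Claims = Record<string, any>;
const b64url = (b: Buffer): string => b.toString("base64url");
const fromB64url = (s: string): Buffer => Buffer.from(s, "base64url");
// Verifies a Cognito-style access token and returns its claims, or throws.
// This is the routine a per-service CognitoGuard (or the gateway) would call on each request.
export function verifyAccessToken(token: string, opts: VerifyOptions,
                                  now: number = Math.floor(Date.now() / 1000)): Claims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString("utf8"));
  // Pin the algorithm and look the key up by kid: the token must not pick how it is verified.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = opts.jwks.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const key = createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: "jwk" });
  if (!createVerify("RSA-SHA256").update(`${h}.${p}`).verify(key, fromB64url(s))) throw new Error("bad signature");
  const claims: Claims = JSON.parse(fromB64url(p).toString("utf8"));
  if (claims.iss !== opts.issuer) throw new Error("wrong issuer");
  if (claims.token_use !== "access") throw new Error("not an access token");
  if (claims.client_id !== opts.clientId) throw new Error("wrong client_id");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Role check on Cognito groups, the usual input for a role-based guard.
export function hasRole(claims: Claims, role: string): boolean {
  const groups = claims["cognito:groups"];
  return Array.isArray(groups) && groups.includes(role);
}
// --- Constructed sample data: a local RSA key pair stands in for the user pool's key ---
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const pub = publicKey.export({ format: "jwk" });
export const SAMPLE_JWK: Jwk = { kid: "kid-1", kty: "RSA", n: pub.n as string, e: pub.e as string, alg: "RS256", use: "sig" };
export const SAMPLE_OPTS: VerifyOptions = {
  issuer: "https://cognito-idp.REGION.amazonaws.com/POOL_ID", // placeholder, not a real pool
  clientId: "app-client-id-placeholder", jwks: [SAMPLE_JWK],
};

// Mints a token the way the pool would, so the verifier can be exercised offline.
export function mintToken(claims: Claims, kid = "kid-1", key: KeyObject = privateKey): string {
  const h = b64url(Buffer.from(JSON.stringify({ alg: "RS256", kid })));
  const p = b64url(Buffer.from(JSON.stringify(claims)));
  return `${h}.${p}.${b64url(createSign("RSA-SHA256").update(`${h}.${p}`).sign(key))}`;
}
```

A CognitoGuard in each service, or the gateway, calls verifyAccessToken on the bearer token and hasRole for the route's required group; in a real deployment the JWKS comes from the pool's .well-known/jwks.json and is cached, not embedded.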