Question 121012 in Redis Question posted in
The official documentation can be found here.

Redis – Storing JWT in microservices

We are building a microservices to integrate with an external API that uses OAuth2 and provides tokens (JWT).

What is the best place to store token? redis? database?

Service will run on kubernetes so when the pods scale out, they need access to the token.

what is the best practice to store JWT in microservices on cloud?

Thank you.

Tags:

2

Answers


  1. 0

    It depends a on the overal architecture and the scaling requirements per service.

    Dedicated external api gateway microservice

    You could create a dedicated external api gateway microservice with a sole responsibility for hooking up to the external API to handle the oauth2 flows / access tokens / refresh tokens and keeps everything contained in memory on that service. Most likely the scaling requirements of that particular service will not be the same as the rest of your microservice landscape. (you could limit the scaling in accordance to the rate limits by the external authorization server).

    That microservice could then expose its functionality to the other microservices in your landscape that might have larger scaling needs.

    Advantage is that everything is contained within that one microservice and no storage is needed. You can make sure you don’t rate limit the external authorization server by setting up the scaling.

    It would also provide a nice layer to introduce caching and offers a nice level of abstraction

    Storing tokens in secure storage

    It is possible to setup a secure global storage mechanism so that each individual service that needs access to that external API can get an access token and call the API, but that’s typically not how most oauth2 clients will work (not in spring). You typically don’t "bootstrap" an oauth2 flow with a refresh / access token but you bootstrap it using one of the supported oauth2 flows.

    You would need to properly secure this storage. Using cloud provided mechanism like a secure SSM parameter store on AWS, or encrypting the tokens yourself.
    You would also need to coordinate refreshing the access tokens and updating them into storage, making sure they are distributed fast enough to all services.

    This can sometimes prove to be more of a hassle and infrastructure impact than just going for the dedicated external api gateway principle outlined above.

    Login or Signup to reply.
  2. 0

    What is the best place to store token?

    Storing JWT should be in a highly available and scalable data store that can be accessed by all the microservices. The best solution is consistent and secure JWT generation using a centralised authorisation server.

    redis? database?

    Both Redis and databases like PostgreSQL, MySQL or MongoDB are good choice to store tokens. However thing is that the choice of data store would depend on the specific requirements of your system.

    Redis can store JWTs with a short expiration time as Redis is an in-memory data store

    Databases like PostgreSQL, MySQL or MongoDB can store JWTs for a longer duration as they are persistent storages that Redis.

    what is the best practice to store JWT in microservices on cloud?

    If we are talking about the cloud,I recommend to use a cloud-based managed data store like AWS DynamoDB or Google Cloud Firestore. Because they provide high availability and automatic scaling. Furthermore it is better to use Kubernetes-native data stores like ETCD or ZooKeeper.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search