Single Sign-On in Microservice Architecture

Question

I\'m trying to design a green-field project that will have several services (serving data) and web-applications (serving HTML). I\'ve read about microservices and they look

Answer 1

Chris Sterling explained standard authentication practice above and it makes absolute sense. I just want to put another thought here for some practical reasons.

We implemented authentication services and multiple other micro services relying on auth server in order to authorize resources. At some point we ran in to performance issues due to too many round trips to authentication server, we also had scalability issues for auth server as number of micro services increased. We changed the architecture little bit to avoid too many round trips.

Auth server will be contacted only once with credentials and it will generate the token based on a private key. Corresponding public key will be installed in each client (micro service server) which will be able to validate the authentication key with out contacting auth server. Key contain time generated and a client utility installed in micro service will validity as well. Even though it was not standard implementation we have pretty good success with this model especially when all the micro services are internally hosted.