Enhance authentication

[sczyh30]

Current authentication implementation in the API Gateway is not very concise, and only supports Keycloak via Vert.x OAuth 2. So it's necessary to enhance the implementation of authentication. Maybe an individual authentication component is needed.

[a-marcel]

Hi,

if you change the auth maybe you can consider that it could be possible that a microservice is reachable without the API Gateway.

For decoupling the services and prevent problems with the api gateway (single point of failure), it could be possible that the clients goes directly to some microservices with the same token/session id.

From my point of view the usage of vertx JWT is a good idea too.

Thanks
Marcel

[Romeh]

yes JWT would be a better choice if you go with clean clean micro services design for service to service API trust