July 2017
Beginner to intermediate
340 pages
7h 43m
English
Content preview from Python Microservices Development
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Token-based authentication
As we said earlier, when a service wants to get access to another service without any user intervention, we can use a CCG flow.
The idea behind CCG is that a service can authenticate to an authentication service exactly like a user would do, and ask for a token that it can then use to authenticate against other services.
A token is a like a password. It's proof that you are allowed to access a particular resource. Whether you are a user or a microservice, if you own a token that the resource recognizes, it's your key to access that resource.
Tokens can hold any information that is useful for the authentication and authorization process. Some of them can be:
- The user name or ID, if it's pertinent to the context ...