What is OAuth and Why is it important in Microservices
In this tutorial, we are going to learn about OAuth and its importance in the Microservices.
- OAuth stands for open authentication.
In OAuth, to authenticate users, there is no local database of usernames and passwords. Instead, credentials are stored in an authentication server that allows other systems to check for username and password based on a specific standard, which is obviously open authentication or OAuth.
- For example, Google, Facebook LinkedIn support open authentication. So you can use Google as the source of truth in order to log in to a given system.
So credentials are made of Scope and Claim.
Scope means what information can be accessed by the system. For example, you can say name, age, or date of birth.
- For example, if you want to authenticate with Google, you need a specific scope for accessing the date of birth of the user.
- By default, you can get their emails, but if you want to get their full name again, you would need a specific scope.
Claim is a set of key value pairs.
- For example, if your scope includes a full name and the user allows your system to access the full name, then your claims will include a full name.
We know that in microservices, the entire system is broken down to many little applications that are independent, and we call them microservices.
- Now, if you want to access any of those microservices, you require authentication.
- And if a system has 100 microservices, you cannot go and authenticate 100 times because every time you want to authenticate with Google, user will be directed to Google so that they can allow your system to access their information and that’s not feasible.
So with OAuth, user authenticate only once.
- For example, your user is redirected to Google or Facebook once, and then it’s redirected back to the system.
- And then with the token that is generated and granted by Google or Facebook, you can authenticate against every other microservice as long as they also use that Google or Facebook as the source of truth, and can use their services.
- So OAuth suits microservices because you can grab a token and use that token to access any other microservices.