I have two modules on two different servers, i.e., a User module and a Transaction module.
The User module has one Login API which generates the JWT token. Now I want to send that token to the Transaction module server and verify it in order to protect routes.
Please suggest some ways I could approach this scenario.
CodePudding user response:
With JWT, there is a secret key; you just share it with the two modules and use it.
CodePudding user response:
The easiest approach would be to share that secret_key with the "transaction module server" and verify the requests with the same secret_key on both servers.
If you don't want to share the secret_key with the other server, then you have to sign the tokens with RSA.
With RSA, there is a concept of Private and Public key.
You sign the key with a secret that is private and kept secure on your server, and you share the public_key with all other servers; they can use this public_key to verify your signature.
Here are some articles on it -
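
The RSA approach described in the answer above, as an added example that is not part of the original thread: the User service signs with the private key and the Transaction service verifies with only the public key, pinning the algorithm and checking expiry. It uses Node's built-in `crypto`; the function names `signToken`, `verifyToken` and `requireAuth`, the 300-second lifetime and the Express-style middleware signature are assumptions.

```javascript
// Added example: RS256 JWT issued by the User service, verified by the Transaction service.
const nodeCrypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// User service: holds the private key and issues tokens at login.
function signToken(payload, privateKey, ttlSeconds = 300) {
  const now = Math.floor(Date.now() / 1000);
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, iat: now, exp: now + ttlSeconds }));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${header}.${body}`), privateKey);
  return `${header}.${body}.${sig.toString('base64url')}`;
}

// Transaction service: holds only the public key. Returns the claims or throws.
function verifyToken(token, publicKey) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  let alg;
  try { alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg; }
  catch { throw new Error('malformed header'); }
  // Pin the algorithm; never let the token choose it (rejects "none" and HS256 swaps).
  if (alg !== 'RS256') throw new Error('unexpected alg');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${header}.${body}`), publicKey,
    Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(Date.now() / 1000)) {
    throw new Error('token expired');
  }
  return claims;
}

// Constructed demo key pair; in practice it is generated once and only the
// public half is copied to the Transaction service.
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Route guard for the Transaction service (Express-style signature, an assumption).
function requireAuth(req, res, next) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  try { req.user = verifyToken(m ? m[1] : '', publicKey); next(); }
  catch (e) { res.statusCode = 401; res.end('unauthorized'); }
}
```
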